白帽子讲Web安全(纪念版) 吴翰清电子工业出版社 9787121234101 正版旧书

正版旧书里面部分笔记内容完好可正常使用旧书不附带光盘

作者: 吴翰清
出版社: 电子工业出版社
ISBN: 9787121234101

出版时间: 2014-06
装帧: 线装
页数: 448页

作者: 吴翰清
出版社: 电子工业出版社

ISBN: 9787121234101
出版时间: 2014-06

装帧: 线装
页数: 448页

售价 25.10

品相 九五品

优惠

运费

本店暂时无法向该地区发货

延迟发货说明

时间：

说明：

上书时间2024-04-25

数量: 库存3件

立即购买加入购物车收藏

卖家超过10天未登录

商品详情
店铺评价

手机购买

微信扫码访问

商品分类：

教材教辅考试 > 教材 > 大学教材 > 文学

货号：

3382436

商品描述：

温馨提示：亲！旧书库存变动比较快，有时难免会有断货的情况，为保证您的利益，拍前请务必联系卖家咨询库存情况！谢谢！书名：白帽子讲Web安全(纪念版)
编号：3382436
ISBN：9787121234101[十位:]
作者：吴翰清
出版社：电子工业出版社
出版日期：2014年06月
页数：448
定价：69.00 元
参考重量：0.650Kg
-------------------------
新旧程度：6-9成新左右，不影响阅读，详细情况请咨询店主
如图书附带、磁带、学习卡等请咨询店主是否齐全* 图书目录 **篇世界观安全
第1 章我的安全世界观...................................................................................................2
1.1 Web 安全简史................................................................................................2
1.1.1 中国黑客简史........................................................................................2
1.1.2 黑客技术的发展历程..............................................................................3
1.1.3 Web 安全的兴起....................................................................................5
1.2 黑帽子,白帽子.............................................................................................6
1.3 返璞归真,揭秘安全的本质..........................................................................7
1.4 破除迷信,没有银弹.....................................................................................9
1.5 安全三要素..................................................................................................10
1.6 如何实施安全评估....................................................................................... 11
1.6.1 资产等级划分......................................................................................12
1.6.2 威胁分析.............................................................................................13
1.6.3 风险分析.............................................................................................14
1.6.4 设计安全方案......................................................................................15
1.7 白帽子兵法..................................................................................................16
1.7.1 Secure By Default 原则.........................................................................16
1.7.2 纵深防御原则......................................................................................18
1.7.3 数据与代码分离原则............................................................................19
1.7.4 不可预测性原则...................................................................................21
1.8 小结.............................................................................................................22
(附)谁来为漏洞买单?..................................................................................23
第二篇客户端脚本安全
第2 章浏览器安全.........................................................................................................26
2.1 同源策略......................................................................................................26
2.2 浏览器沙箱..................................................................................................30
2.3 恶意网址拦截..............................................................................................33
2.4 高速发展的浏览器安全...............................................................................36
2.5 小结.............................................................................................................39
第3 章跨站脚本攻击(XSS) .....................................................................................40
3.1 XSS 简介......................................................................................................40
3.2 XSS 攻击进阶..............................................................................................43
3.2.1 初探XSS Payload.................................................................................43
3.2.2 强大的XSS Payload ............................................................................. 46
3.2.3 XSS 攻击平台.....................................................................................62
3.2.4 *武器:XSS Worm..........................................................................64
3.2.5 调试JavaScript ....................................................................................73
3.2.6 XSS 构造技巧......................................................................................76
3.2.7 变废为宝:Mission Impossible ..............................................................82
3.2.8 容易被忽视的角落:Flash XSS .............................................................85
3.2.9 真的高枕无忧吗:JavaScript 开发框架..................................................87
3.3 XSS 的防御..................................................................................................89
3.3.1 四两拨千斤:HttpOnly .........................................................................89
3.3.2 输入检查.............................................................................................93
3.3.3 输出检查.............................................................................................95
3.3.4 正确地防御XSS ..................................................................................99
3.3.5 处理富文本....................................................................................... 102
3.3.6 防御DOM Based XSS......................................................................... 103
3.3.7 换个角度看XSS 的风险..................................................................... 107
3.4 小结........................................................................................................... 107
第4 章跨站点请求伪造(CSRF) ............................................................................ 109
4.1 CSRF 简介................................................................................................. 109
4.2 CSRF 进阶................................................................................................. 111
4.2.1 浏览器的Cookie 策略........................................................................ 111
4.2.2 P3P 头的副作用................................................................................. 113
4.2.3 GET? POST?...................................................................................... 116
4.2.4 Flash CSRF........................................................................................ 118
4.2.5 CSRF Worm....................................................................................... 119
4.3 CSRF 的防御.............................................................................................. 120
4.3.1 验证码.............................................................................................. 120
4.3.2 Referer Check..................................................................................... 120
4.3.3 Anti CSRF Token................................................................................ 121
4.4 小结........................................................................................................... 124
第5 章点击劫持(ClickJacking)............................................................................. 125
5.1 什么是点击劫持......................................................................................... 125
5.2 Flash 点击劫持........................................................................................... 127
5.3 图片覆盖攻击............................................................................................ 129
5.4 拖拽劫持与数据窃取................................................................................. 131
5.5 ClickJacking 3.0:触屏劫持....................................................................... 134
5.6 防御ClickJacking....................................................................................... 136
5.6.1 frame busting ..................................................................................... 136
5.6.2 X-Frame-Options ................................................................................ 137
5.7 小结........................................................................................................... 138
第6 章 HTML 5 安全................................................................................................... 139
6.1 HTML 5 新标签.......................................................................................... 139
6.1.1 新标签的XSS.................................................................................... 139
6.1.2 iframe 的sandbox ............................................................................... 140
6.1.3 Link Types: noreferrer ......................................................................... 141
6.1.4 Canvas 的妙用................................................................................... 141
6.2 其他安全问题............................................................................................ 144
6.2.1 Cross-Origin Resource Sharing ............................................................. 144
6.2.2 postMessage——跨窗口传递消息......................................................... 146
6.2.3 Web Storage....................................................................................... 147
6.3 小结........................................................................................................... 150
第三篇服务器端应用安全
配送说明

...
相似商品
为你推荐