Book: Detecting Malice (Fraud Loss Prevention eBook)

Fraud is committed on websites every day, and this book helps you detect whether something shady is going on in yours...

Detecting Malice is a book written by Robert "RSnake" Hansen (ha.ckers.org) to help web administrators, developers, operations staff and security product managers build and maintain a strong security posture.

Understanding user intent is the key to reducing fraud rates in modern web applications. From small businesses to government, the book covers many different areas of fraud and how to detect it at many different layers.

Everything from DNS and TCP to embedded content and browser fingerprinting is used to identify the users most likely to become dangerous before the attack happens. A wealth of techniques and examples fill the more than 300 pages of this interesting book.

Table of contents:
  Detecting Malice: Preface
    User Disposition
    Deducing Without Knowing
    Book Overview
    Who Should Read This Book?
    Why Now?
    A Note on Style
    Working Without a Silver Bullet
    Special Thanks
  Chapter 1 - DNS and TCP: The Foundations of Application Security
    In the Beginning Was DNS
    Same-Origin Policy and DNS Rebinding
    DNS Zone Transfers and Updates
    DNS Enumeration
    TCP/IP
    Spoofing and the Three-Way Handshake
    Passive OS Fingerprinting with p0f
    TCP Timing Analysis
    Network DoS and DDoS Attacks
    Attacks Against DNS
    TCP DoS
    Low Bandwidth DoS
    Using DoS As Self-Defense
    Motives for DoS Attacks
    DoS Conspiracies
    Port Scanning
    With That Out of the Way...
  Chapter 2 - IP Address Forensics
    What Can an IP Address Tell You?
    Reverse DNS Resolution
    WHOIS Database
    Geolocation
    Real-Time Block Lists and IP Address Reputation
    Related IP Addresses
    When IP Address Is A Server
    Web Servers as Clients
    Dealing with Virtual Hosts
    Proxies and Their Impact on IP Address Forensics
    Network-Level Proxies
    HTTP Proxies
    AOL Proxies
    Anonymization Services
    Tor Onion Routing
    Obscure Ways to Hide IP Address
    IP Address Forensics
    To Block or Not?
  Chapter 3 - Time
    Traffic Patterns
    Event Correlation
    Daylight Savings
    Forensics and Time Synchronization
    Humans and Physical Limitations
    Gold Farming
    CAPTCHA Breaking
    Holidays and Prime Time
    Risk Mitigation Using Time Locks
    The Future is a Fog
  Chapter 4 - Request Methods and HTTP Protocols
    Request Methods
    GET
    POST
    PUT and DELETE
    OPTIONS
    CONNECT
    HEAD
    TRACE
    Invalid Request Methods
    Random Binary Request Methods
    Lowercase Method Names
    Extraneous White Space on the Request Line
    HTTP Protocols
    Missing Protocol Information
    HTTP 1.0 vs. HTTP 1.1
    Invalid Protocols and Version Numbers
    Newlines and Carriage Returns
    Summary
  Chapter 5 - Referring URL
    Referer Header
    Information Leakage through Referer
    Disclosing Too Much
    Spot the Phony Referring URL
    Third-Party Content Referring URL Disclosure
    What Lurks in Your Logs
    Referer and Search Engines
    Language, Location, and the Politics That Comes With It
    Google Dorks
    Natural Search Strings
    Vanity Search
    Black Hat Search Engine Marketing and Optimization
    Referring URL Availability
    Direct Page Access
    Meta Refresh
    Links from SSL/TLS Sites
    Links from Local Pages
    Users' Privacy Concerns
    Determining Why Referer Isn't There
    Referer Reliability
    Redirection
    Impact of Cross-Site Request Forgery
    Is the Referring URL a Fake?
    Referral Spam
    Last thoughts
  Chapter 6 - Request URL
    What Does A Typical HTTP Request Look Like?
    Watching For Things That Don’t Belong
    Domain Name in the Request Field
    Proxy Access Attempts
    Anchor Identifiers
    Common Request URL Attacks
    Remote File Inclusion
    SQL Injection
    HTTP Response Splitting
    NUL Byte Injection
    Pipes and System Command Execution
    Cross-Site Scripting
    Web Server Fingerprinting
    Invalid URL Encoding
    Well-Known Server Files
    Easter Eggs
    Admin Directories
    Automated Application Discovery
    Well-Known Files
    Crossdomain.xml
    Robots.txt
    Google Sitemaps
    Summary
  Chapter 7 - User-Agent Identification
    What is in a User-Agent Header?
    Malware and Plugin Indicators
    Software Versions and Patch Levels
    User-Agent Spoofing
    Cross Checking User-Agent against Other Headers
    User-Agent Spam
    Indirect Access Services
    Google Translate
    Traces of Application Security Tools
    Common User-Agent Attacks
    Search Engine Impersonation
    Summary
  Chapter 8 - Request Header Anomalies
    Hostname
    Requests Missing Host Header
    Mixed-Case Hostnames in Host and Referring URL Headers
    Cookies
    Cookie Abuse
    Cookie Fingerprinting
    Cross Site Cooking
    Assorted Request Header Anomalies
    Expect Header XSS
    Headers Sent by Application Vulnerability Scanners
    Cache Control Headers
    Accept CSRF Deterrent
    Language and Character Set Headers
    Dash Dash Dash
    From Robot Identification
    Content-Type Mistakes
    Common Mobile Phone Request Headers
    X-Moz Prefetching
    Summary
  Chapter 9 - Embedded Content
    Embedded Styles
    Detecting Robots
    Detecting CSRF Attacks
    Embedded JavaScript
    Embedded Objects
    Request Order
    Cookie Stuffing
    Impact of Content Delivery Networks on Security
    Asset File Name Versioning
    Summary
  Chapter 10 - Attacks Against Site Functionality
    Attacks Against Sign-In
    Brute-Force Attacks Against Sign-In
    Phishing Attacks
    Registration
    Username Choice
    Brute Force Attacks Against Registration
    Account Pharming
    What to Learn from the Registration Data
    Fun With Passwords
    Forgot Password
    Password DoS Attacks
    Don’t Show Anyone Their Passwords
    User to User Communication
    Summary
  Chapter 11 - History
    Our Past
    History Repeats Itself
    Cookies
    JavaScript Database
    Internet Explorer Persistence
    Flash Cookies
    CSS History
    Refresh
    Same Page, Same IP, Different Headers
    Cache and Translation Services
    Uniqueness
    DNS Pinning Part Two
    Biometrics
    Breakout Fraud
    Summary
  Chapter 12 - Denial of Service
    What Are Denial Of Service Attacks?
    Distributed DoS Attacks
    My First Denial of Service Lesson
    Request Flooding
    Identifying Reaction Strategies
    Database DoS
    Targeting Search Facilities
    Unusual DoS Vectors
    Banner Advertising DoS
    Chargeback DoS
    The Great Firewall of China
    Email Blacklisting
    Dealing With Denial Of Service Attacks
    Detection
    Mitigation
    Summary
  Chapter 13 - Rate of Movement
    Rates
    Timing Differences
    CAPTCHAs
    Click Fraud
    Warhol or Flash Worm
    Samy Worm
    Inverse Waterfall
    Pornography Duration
    Repetition
    Scrapers
    Spiderweb
    Summary
  Chapter 14 - Ports, Services, APIs, Protocols and 3rd Parties
    Ports, Services, APIs, Protocols, 3rd Parties, oh my…
    SSL and Man in the middle Attacks
    Performance
    SSL/TLS Abuse
    FTP
    Webmail Compromise
    Third Party APIs and Web Services
    2nd Factor Authentication and Federation
    Other Ports and Services
    Summary
  Chapter 15 - Browser Sniffing
    Browser Detection
    Black Dragon, Master Reconnaissance Tool and BeEF
    Java Internal IP Address
    MIME Encoding and MIME Sniffing
    Windows Media Player “Super Cookie”
    Virtual Machines, Machine Fingerprinting and Applications
    Monkey See Browser Fingerprinting Software – Monkey Do Malware
    Malware and Machine Fingerprinting Value
    Unmasking Anonymous Users
    Java Sockets
    De-cloaking Techniques
    Persistence, Cookies and Flash Cookies Redux
    Additional Browser Fingerprinting Techniques
    Summary
  Chapter 16 - Uploaded Content
    Content
    Images
    Hashing
    Image Watermarking
    Image Steganography
    EXIF Data In Images
    GDI+ Exploit
    Warez
    Child Pornography
    Copyrights and Nefarious Imagery
    Sharm el Sheikh Case Study
    Imagecrash
    Text
    Text Stenography
    Blog and Comment Spam
    Power of the Herd
    Profane Language
    Localization and Internationalization
    HTML
    Summary
  Chapter 17 - Loss Prevention
    Lessons From The Offline World
    Subliminal Imagery
    Security Badges
    Prevention Through Fuzzy Matching
    Manual Fraud Analysis
    Honeytokens
    Summary
  Chapter 18 - Wrapup
    Mood Ring
    Insanity
    Blocking and the 4th Wall Problem
    Booby Trapping Your Application
    Heuristics Age
    Know Thy Enemy
    Race, Sex, Religion
    Profiling
    Ethnographic Landscape
    Calculated Risks
    Correlation and Causality
    Conclusion
  About Robert Hansen
Book website: http://www.detectmalice.com/