Web Servers

The Security of Web Server Software Programs
As with Web server operating systems, discussed in another article, “The more complex the Web server software is, the greater is the chance that something will go wrong.” Generally speaking, the more functionality and features that are provided by a Web server, the greater is the likelihood that there are security holes in the software.
Basic Web server software that merely provides access to static files is more secure than sophisticated Web server software that provides functions such as the execution of CGI scripts, the processing of server-side includes, the handling of scripted errors, and the dynamic listing of directories.
Web server software also differs in the degree of control accorded to browser users. Certain Web servers allow users access to only certain documents or directories or sub-directories, while some Web servers allow full access to everything. Some can be configured to allow access to certain directories according to the IP address of the client machine, or to individuals who know the right password. There are a few Web servers that offer data encryption, a necessity for e-commerce web sites. These are mainly commercial Web servers.
Here is some advice on how to make a Web server more secure:
- By their nature, Web servers have security holes. One of the most common causes of a security breach is a CGI script. If you cannot get a CGI programming expert to check the scripts’ code, at least test the scripts to ensure that they validate the data entered by a browser user before granting access to confidential documents or to any services provided by the Web server’s operating system.
- Configure the Web server carefully:
  - Executable files should be allowed to run only in certain directories that you specify.
  - Source code should not be stored anywhere where it can be downloaded.
  - Automatic directory indexing should be switched off. If you use an external Web Hosting company and you cannot switch it off, ensure that every accessible sub-directory contains a default file such as ‘index.html’ that redirects the browser to the home page.
- If you do not need them, disable Content Management Systems and other features that allow browser users to edit and manage files on remote Web servers, such as WebDAV, SMB, SharePoint, etc.
- Identify potential weak points by utilizing the security tools that come with the Web server software and the Operating System, such as the Microsoft Internet Information Services (IIS) Lockdown Tool and the URLScan security tool.
- Private and public information should be kept physically well apart. Confidential or sensitive data should not reside on the same machines as publicly accessible Web servers. Intranets should always be protected by a firewall; extranets are trickier, because certain outsiders need access to some private data. An extranet Web server should be located outside the firewall. (This is known as a “sacrificial lamb” configuration.) A variation is to set up paired “inner” and “outer” Web servers. Another possibility is to use a proxy, which intercepts requests and forwards them to the Web server, and then does the same in the reverse direction. Ideally, any publicly accessible Web server should be located on a machine other than the one on which the firewall resides.
- A Web server logs all requests. Log files should be checked regularly for any unusual entries, and anything suspicious should be investigated.
- Users’ and user groups’ access should be restricted to only what they need. Set access levels and permissions accordingly by means of the operating system’s security software. For Unix systems, the Computer Oracle and Password System (COPS) checks for many common misconfigurations. (Network Administrators often create a user group called “www” for trusted users, such as Web authors, and only members of this group have ‘write’ permission for the document root directory and its sub-directories. For maximum security of the server root directory, which contains the system configuration files, the Network Administrator sometimes gives the Web Master a special “www” user status, the only one with ‘write’ permission for it.)
- Keep an eye on what users are doing on the network. Security holes can be created innocently by uninformed users if they install one of the many free Web servers that are readily available.
- Password policy should be sensible and adhered to. Simple passwords, based on birthdays or family names, etc., should be taboo. At the other extreme, the rules should not be so strict that passwords need to be written down in order to remember them. Passwords should be changed regularly, and default passwords should be changed immediately. Default accounts, e.g., “guest log-in”, should be eliminated. Extra care should be taken with privileged accounts, such as for administrators. Confidential documents, sensitive areas and administrative functions should always be password-protected.
- Security updates and patches should be installed immediately. This applies to the Operating System as much as to the Web server software. Automate these processes if possible, but at least be on the look-out for security alerts from the software suppliers.
- Any feature, server or interpreter that is not actually used should be uninstalled, or at least disabled. For example, remove the File Transfer Protocol (FTP) server that Web servers usually provide, if you are not going to use it. Likewise, Trivial File Transfer Protocol (tftp), Network Information Services (NIS) clients, systat, finger, Networked File System (NFS), gopher, sendmail, and unneeded scripting languages and example scripts should go. For example, if the Web Site does not use CGI scripts written in Perl, remove the Perl interpreter. Such items are just another security risk.
In summary, as can be seen clearly from the foregoing, whatever is not actually needed should be removed or disabled.
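The CGI check in the first point above, as an added example (not code from the article): a small Python handler that validates the document name a browser user supplies before anything is served. The directory layout (a public/ directory next to a confidential/ one) and the doc query parameter are assumptions made for the demo.

```python
import os
import re
import sys
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

# Only plain file names such as "report-2024.html" are ever accepted: no slashes,
# no leading dot, nothing that could act as a path component.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")
# Extensions that should never be handed out: script source, backups, configuration.
FORBIDDEN_EXT = {".cgi", ".pl", ".py", ".php", ".inc", ".bak", ".old", ".conf", ".sql"}


class RequestRejected(Exception):
    """The supplied document name failed validation; the caller answers with 404."""


def resolve_document(requested: str, docroot: Path, public_dir: str = "public") -> Path:
    """Map an untrusted 'doc' parameter to a file under docroot/public_dir, or reject it."""
    if not SAFE_NAME.match(requested):
        raise RequestRejected("name contains path separators or unexpected characters")
    if Path(requested).suffix.lower() in FORBIDDEN_EXT:
        raise RequestRejected("source, backup and configuration files are not served")
    base = (docroot / public_dir).resolve()
    target = (base / requested).resolve()
    # Defence in depth: even if the pattern above were relaxed later, the resolved
    # path must stay inside the public directory. resolve() follows symlinks, so a
    # link left inside the public tree that points elsewhere is caught here too.
    if base not in target.parents:
        raise RequestRejected("resolved path lies outside the public directory")
    if not target.is_file():
        raise RequestRejected("no such document")
    return target


def handle_request(query_string: str, docroot: Path) -> tuple:
    """CGI-style entry point for ?doc=<name>; returns (HTTP status, response body)."""
    names = parse_qs(query_string, keep_blank_values=True).get("doc", [])
    if len(names) != 1:
        return 400, "exactly one doc parameter is required\n"
    try:
        path = resolve_document(names[0], docroot)
    except RequestRejected as exc:
        # Record the real reason for the administrator's log review; the browser
        # user learns nothing beyond "not found".
        print(f"rejected {query_string!r}: {exc}", file=sys.stderr)
        return 404, "not found\n"
    return 200, path.read_text()


def build_sample_docroot() -> Path:
    """Constructed throw-away document tree for the demo (not a real site)."""
    root = Path(tempfile.mkdtemp(prefix="cgi-demo-"))
    (root / "public").mkdir()
    (root / "confidential").mkdir()
    (root / "public" / "welcome.html").write_text("<h1>Welcome</h1>\n")
    (root / "public" / "handler.cgi").write_text("#!/usr/bin/perl\n")
    (root / "confidential" / "salaries.html").write_text("<h1>Not for the public</h1>\n")
    try:  # a stray link inside the public tree that points at private data
        os.symlink(root / "confidential", root / "public" / "shortcut")
    except OSError:
        pass
    return root


if __name__ == "__main__":
    root = build_sample_docroot()
    for q in ("doc=welcome.html", "doc=../confidential/salaries.html",
              "doc=handler.cgi", "doc=shortcut", "doc=welcome.html&doc=x"):
        status, _ = handle_request(q, root)
        print(f"{q:40} -> {status}")
```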
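An added example (not from the article) that audits a document root for the three configuration points above: executables outside the designated script directories, source or backup files that could be downloaded, and directories without a default index file. The sample tree it builds and the cgi-bin directory name are assumptions for the demo.

```python
import os
import stat
import tempfile
from pathlib import Path

# Script source should run only from a designated script directory; backups,
# includes and configuration should never sit inside the document tree at all.
SCRIPT_SUFFIXES = {".cgi", ".pl", ".py", ".sh", ".php"}
BACKUP_SUFFIXES = {".bak", ".old", ".orig", ".inc", ".conf", ".sql", ".swp"}
INDEX_NAMES = ("index.html", "index.htm")


def audit_webroot(root: Path, script_dirs=("cgi-bin",)):
    """Walk a document root and return (relative path, problem) pairs."""
    root = root.resolve()
    allowed = {(root / d).resolve() for d in script_dirs}
    problems = []
    for path in [root] + sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        in_script_dir = any(p in allowed for p in (path, *path.parents))
        if path.is_dir():
            # Without a default file, a directory with indexing enabled lists its
            # contents to anyone; script directories are not meant to be browsed.
            if not in_script_dir and not any((path / i).is_file() for i in INDEX_NAMES):
                problems.append((rel, "no index file; directory listing would be exposed"))
            continue
        suffix = path.suffix.lower()
        if suffix in BACKUP_SUFFIXES or path.name.endswith("~"):
            problems.append((rel, "backup/include/config file is downloadable"))
        elif not in_script_dir and (suffix in SCRIPT_SUFFIXES
                                    or path.stat().st_mode & stat.S_IXUSR):
            problems.append((rel, "script or executable outside the permitted script directories"))
    return problems


def build_sample_webroot() -> Path:
    """Constructed throw-away site tree for the demo (not a real site)."""
    root = Path(tempfile.mkdtemp(prefix="webroot-demo-"))
    files = {
        "index.html": "<h1>Home</h1>\n",
        "cgi-bin/form.cgi": "#!/usr/bin/perl\n",        # fine: lives in the script dir
        "images/logo.png": "not really a png\n",        # images/ has no index file
        "docs/index.html": "<h1>Docs</h1>\n",
        "docs/notes.html.bak": "draft\n",               # editor backup left behind
        "tools/cleanup.sh": "#!/bin/sh\necho cleaning\n",  # executable outside cgi-bin
    }
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    for rel in ("cgi-bin/form.cgi", "tools/cleanup.sh"):
        os.chmod(root / rel, 0o755)
    return root


if __name__ == "__main__":
    for rel, problem in audit_webroot(build_sample_webroot()):
        print(f"{rel:24} {problem}")
```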
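For the log review advice above, an added example (not from the article) that scans Common Log Format lines for the kinds of entries the list warns about: traversal attempts, requests for backup or configuration files, WebDAV authoring methods, and one client collecting many not-found responses. The log lines and the threshold of four are constructed for the demo.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access log in Common Log Format (192.0.2.0/24 is a
# documentation range, so these are not real clients).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
192.0.2.10 - - [10/Oct/2023:13:55:40 +0000] "GET /images/logo.png HTTP/1.1" 200 4120
192.0.2.77 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/../../etc/passwd HTTP/1.0" 404 209
192.0.2.77 - - [10/Oct/2023:13:56:02 +0000] "GET /cgi-bin/guestbook.pl HTTP/1.0" 404 209
192.0.2.77 - - [10/Oct/2023:13:56:02 +0000] "GET /cgi-bin/counter.cgi HTTP/1.0" 404 209
192.0.2.77 - - [10/Oct/2023:13:56:03 +0000] "GET /cgi-bin/mail.pl HTTP/1.0" 404 209
192.0.2.77 - - [10/Oct/2023:13:56:03 +0000] "GET /admin/config.php.bak HTTP/1.0" 404 209
192.0.2.77 - - [10/Oct/2023:13:56:04 +0000] "GET /search.cgi?q=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 512
192.0.2.33 - - [10/Oct/2023:13:57:15 +0000] "PROPFIND /docs/ HTTP/1.1" 207 1034
192.0.2.33 - - [10/Oct/2023:13:57:20 +0000] "PUT /docs/new.html HTTP/1.1" 201 0
192.0.2.10 - - [10/Oct/2023:13:58:00 +0000] "GET /about.html HTTP/1.1" 200 1783
"""

CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)$'
)
# Methods that edit or enumerate content; the article advises disabling WebDAV
# when it is not needed, so any use of them deserves a look.
AUTHORING_METHODS = {"PUT", "DELETE", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE"}
SENSITIVE_SUFFIXES = (".bak", ".old", ".orig", ".inc", ".conf", ".sql", "~")
NOT_FOUND_THRESHOLD = 4  # this many 404s from one client suggests probing for scripts


def parse_clf(line: str):
    """Split one Common Log Format line into fields, or return None if it does not parse."""
    m = CLF.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_traversal(target: str) -> bool:
    """True if the request target, decoded twice to catch double encoding, walks up the tree."""
    decoded = unquote(unquote(target)).replace("\\", "/")
    return "../" in decoded or decoded.endswith("/..")


def is_sensitive_file(target: str) -> bool:
    """True for requests aimed at backups, includes, configuration or dot-files."""
    name = unquote(target.split("?", 1)[0]).rsplit("/", 1)[-1]
    return name.startswith(".") or name.lower().endswith(SENSITIVE_SUFFIXES)


def review_log(lines):
    """Return (client, reason, request) findings an administrator should look at."""
    findings = []
    not_found = Counter()
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            if line.strip():
                findings.append(("-", "unparseable log line", line.strip()))
            continue
        request = f'{rec["method"]} {rec["target"]}'
        if is_traversal(rec["target"]):
            findings.append((rec["host"], "path traversal attempt", request))
        if is_sensitive_file(rec["target"]):
            findings.append((rec["host"], "request for backup/config/include file", request))
        if rec["method"].upper() in AUTHORING_METHODS:
            findings.append((rec["host"], "authoring (WebDAV) method used", request))
        if rec["status"] == 404:
            not_found[rec["host"]] += 1
    for host, n in sorted(not_found.items()):
        if n >= NOT_FOUND_THRESHOLD:
            findings.append((host, f"{n} not-found responses (possible probing for scripts)", "-"))
    return findings


if __name__ == "__main__":
    for client, reason, request in review_log(SAMPLE_LOG.splitlines()):
        print(f"{client:12} {reason:55} {request}")
```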
About the Author
All rights reserved :: S Avery MSc BA(Hons) – Software Engineer and Web Designer :: Check Your Website security at website-security.biz.