CEH v7 Web Application Vulnerabilities Study guide

iPhone users: use the copy feature on the URLs below and paste them into your browser. If a link is a PDF, try the GoodReader app for better viewing.

Here is a list of resources and books to help with your study.

12 Hacking Web Applications (13)

12 Reading

Basic HTML Examples
PDF of Hacking Exposed chapter 1
OWASP Top 10 2010 Web Application Vulnerabilities
WebGoat Web Hacking Simulation Series
w3af – Web Application Attack and Audit Framework
Components and Web Application Architecture
A New Threat To Web Applications: Connection String Parameter Pollution (CSPP) | ORA600
WGET 1.11.4 for Windows (win32)
Bugtraq: Re: Bad news on RPC DCOM vulnerability

12 Tools

Web Application Penetration Testing – OWASP
Burp Suite
Nikto2 | CIRT.net
Web application security – Acunetix Web Vulnerability Scanner
Wget for Windows
Sleuth 1.4 Overview
HooBieNet – Home
soapUI – The Home of Functional Testing
XML Editor, Data Management, UML, and Web Services Tools from Altova
Products » Enterprise | N-Stalker The Web Security Specialists
SecuBat Vulnerability Scanner
skipfish – web application security scanner – Google Project Hosting
Websecurify | Web Application Security Scanner and Manual Penetration Testing Tool
website monitoring KeepNI
Wapiti – Web application security auditor
Web Application Firewall, Affordable Industry Leading Web Security
Imperva ThreatRadar – Reputation-Based Security for Automated Attacks
Radware AppWall: Web Application Security and Compliance Solution
Intrusion Detection and Prevention, Security Data Analytics, Personal Firewall – Privacyware
Web Application Security, Web Application Firewall

12 XSS

What is Cross Site Scripting (XSS) | Cross-Site Scripting Examples and Information
XSS (Cross Site Scripting) Prevention Cheat Sheet – OWASP
[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles – Web Application Security Consortium
Common Security Mistakes in Web Applications – Smashing Magazine
The Cross-Site Scripting (XSS) FAQ

12 Attacks

The Web Application Security Consortium / Threat Classification
The Web Application Security Consortium / Web-Hacking-Incident-Database
Top 10 attacks – OWASP
OWASP Testing
Secure Coding Guide: Validating Input
InformIT: Security Reference Guide > Code Injection Explained
The Web Application Security Consortium / LDAP Injection
Preventing HTML form tampering
CSRF Attacks and Web Forms
The Cross-Site Request Forgery (CSRF/XSRF) FAQ
Cookie Poisoning (Definition, Examples, Videos, and Prevention)
Cookie Poisoning how to.
The Web Application Security Consortium / Buffer Overflow
Anatomy of a Web Services Attack | SYS-CON NEWS DESK
SensePost – J-Baah – Generic HTTP Fuzzer
The Web Application Security Consortium / XPath Injection

12 Defense

Samoa: Formal Tools for Securing Web Services – Microsoft Research
Microsoft’s Anti-Cross Site Scripting Security Runtime Engine Sample – AntiXSS 3.1
The Simplest Security: A Guide To Better Password Practices | Symantec Connect Community
Port80 Software » Products » PCI Compliant Web App Firewall for IIS Servers