Hack Proof Your XML Documents!
XML is quickly becoming the universal protocol for transferring information from site to site via HTTP. Whereas HTML will continue to be the language for displaying documents on the Internet, developers will find new and interesting ways to harness the power of XML to transmit, exchange, and manipulate data using XML. Validation of the XML document and of the messages going to that document is the first line of defense in hack proofing XML. The same properties that make XML a powerful language for defining data across systems make it vulnerable to attacks. More important, since many firewalls will pass XML data without filtering, a poorly constructed and invalidated document can constitute a serious system-level vulnerability. Hack Proofing® XML will show you the ins and outs of XML and .NET security.
- Understand
the Role of the Hacker
Review hacking terms such as hacker, cracker, black hat, phreaks, and script kiddies and learn how to identify real threats. - Learn the
Forms of Information Leakage
See how banners, error messages, protocol analysis, and bad design can be used by attackers. - Build
Well-Formed XML Documents
Review the goals of XML and see how well-formed code will help protect you from hackers. - Learn About
Plain-Text Attacks
See how this type of attack is one of the most insidious tools hackers can use to compromise a database or application. - Apply XML
Digital Signatures to Security
The XML specification for digital signatures is flexible and gives you the ability to sign anything from a simple message embedded in a signature or a message that contains the signature within it or external resources. - Apply
Encryption to XML
Encryption in XML provides the essential elements of security: integrity of the document, confidentiality of content, and authentication. - Apply
Role-Based Access Control Ideas in XML
See how a secure operating system working in conjunction with a secure application provides the most hackproof design possible. - Learn the
Risks Associated with Using XML
See how .NET security can be a viable alternative for handling permissions, authentication and authorization. - Report
Security Problems
Determine when and to whom to report the problem and find rules for deciding how much detail to publish. - Register for
Your 1 Year Upgrade
The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!
Contents
Foreword
Chapter 1 The Zen of
Hack Proofing
Chapter 2 Classes of
Attack
Chapter 3 Reviewing
the Fundamentals of XML
Chapter 4 Document
Type: The Validation Gateway
Chapter 5 XML
Digital Signatures
Chapter 6 Encryption
in XML
Chapter 7 Role-Based
Access Control
Ch