Web application security - the fast guide 1.1 | Page 9

    7.11.4 Obfuscation logs: ... 154
    7.11.5 Not me: ... 154
  7.12 QUIZ: ... 155

Chapter 8 Attack Tools ... 157
  8.1 Browsers ... 158
  8.2 Browser’s Extensions ... 158
    8.2.1 IE tempres: ... 159
    8.2.2 IEWatch: ... 159
    8.2.3 liveHttpHeaders: ... 160
    8.2.4 TempareData: ... 160
    8.2.5 FoxyProxy: ... 161
    8.2.6 PrefBar: ... 161
    8.2.7 Wappalyzer: ... 162
    8.2.8 XSS Rays extension for chrome: ... 162
  8.3 Command line tools ... 163
    8.3.1 Wget ... 163
    8.3.2 cURL ... 164
    8.3.3 NETCAT: ... 164
  8.4 Overview, functionalities and orchestration ... 164
  8.5 Stand-alone tools ... 167
  8.6 QUIZ: ... 171

Chapter 9 Secure Application Development ... 173
  9.1 Injecting security - Penetration and patch approach ... 174
  9.2 Security centric approach ... 174
  9.3 Microsoft Security development cycle (SDL) ... 175
    9.3.1 Emphasize security Training: ... 176
    9.3.2 Use Secure code libraries: ... 176
    9.3.3 Code review: ... 177
    9.3.4 Use static Analysis tools: ... 177
    9.3.5 Black box scanning: ... 178
    9.3.6 Plan to response, the worst might happen: ... 178
  9.4 SDL-Agile ... 180
  9.5 OWASP Comprehensive lightweight application security process (CLASP) ... 180