7.11.4 Obfuscation logs : .................................................................................................... 154 7.11.5 Not me : ........................................................................................................................ 154
7.12 QUIZ : ...................................................................................................................................... 155
Chapter 8 Attack Tools .............................................................................................................. 157 8.1 Browsers ............................................................................................................................... 158 8.2 Browser ’ s Extensions ....................................................................................................... 158 8.2.1 IE tempres : ................................................................................................................ 159 8.2.2 IEWatch : ..................................................................................................................... 159 8.2.3 liveHttpHeaders : .................................................................................................... 160 8.2.4 TempareData : .......................................................................................................... 160 8.2.5 FoxyProxy : ................................................................................................................ 161 8.2.6 PrefBar : ....................................................................................................................... 161 8.2.7 Wappalyzer : ............................................................................................................. 162 8.2.8 XSS Rays extension for chrome : ..................................................................... 162
8.3 Command line tools ......................................................................................................... 163 8.3.1 Wget ............................................................................................................................. 163 8.3.2 cURL ............................................................................................................................. 164 8.3.3 NETCAT : ..................................................................................................................... 164 8.4 Overview , functionalities and orchestration .......................................................... 164 8.5 Stand-alone tools .............................................................................................................. 167 8.6 QUIZ : ...................................................................................................................................... 171
Chapter 9 Secure Application Development ................................................................... 173 9.1 Injecting security - Penetration and patch approach ......................................... 174 9.2 Security centric approach .............................................................................................. 174 9.3 Microsoft Security development cycle ( SDL )........................................................... 175 9.3.1 Emphasize security Training : .......................................................................... 176 9.3.2 Use Secure code libraries : .................................................................................. 176 9.3.3 Code review : ............................................................................................................. 177 9.3.4 Use static Analysis tools : .................................................................................... 177 9.3.5 Black box scanning : .............................................................................................. 178 9.3.6 Plan to response , the worst might happen :............................................... 178 9.4 SDL-Agile ............................................................................................................................... 180
9.5 OWASP Comprehensive lightweight application security process ( CLASP ) 180