Hack Proofing XML
暫譯: XML 安全防護指南

Hack Proof Your XML Documents!

XML is quickly becoming the universal protocol for transferring information from site to site via HTTP. Whereas HTML will continue to be the language for displaying documents on the Internet, developers will find new and interesting ways to harness the power of XML to transmit, exchange, and manipulate data using XML. Validation of the XML document and of the messages going to that document is the first line of defense in hack proofing XML. The same properties that make XML a powerful language for defining data across systems make it vulnerable to attacks. More important, since many firewalls will pass XML data without filtering, a poorly constructed and invalidated document can constitute a serious system-level vulnerability. Hack Proofing® XML will show you the ins and outs of XML and .NET security.

• Understand the Role of the Hacker
  Review hacking terms such as hacker, cracker, black hat, phreaks, and script kiddies and learn how to identify real threats.
• Learn the Forms of Information Leakage
  See how banners, error messages, protocol analysis, and bad design can be used by attackers.
• Build Well-Formed XML Documents
  Review the goals of XML and see how well-formed code will help protect you from hackers.
• Learn About Plain-Text Attacks
  See how this type of attack is one of the most insidious tools hackers can use to compromise a database or application.
• Apply XML Digital Signatures to Security
  The XML specification for digital signatures is flexible and gives you the ability to sign anything from a simple message embedded in a signature or a message that contains the signature within it or external resources.
• Apply Encryption to XML
  Encryption in XML provides the essential elements of security: integrity of the document, confidentiality of content, and authentication.
• Apply Role-Based Access Control Ideas in XML
  See how a secure operating system working in conjunction with a secure application provides the most hackproof design possible.
• Learn the Risks Associated with Using XML
  See how .NET security can be a viable alternative for handling permissions, authentication and authorization.
• Report Security Problems
  Determine when and to whom to report the problem and find rules for deciding how much detail to publish.
• Register for Your 1 Year Upgrade
  The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!

Contents

Foreword

Chapter 1 The Zen of Hack Proofing

Chapter 2 Classes of Attack

Chapter 3 Reviewing the Fundamentals of XML

Chapter 4 Document Type: The Validation Gateway

Chapter 5 XML Digital Signatures

Chapter 6 Encryption in XML

Chapter 7 Role-Based Access Control

Ch