Client-Side Attacks and Defense

Client-Side Attacks and Defense, 1st Edition, Sean-Philip Oriyano, Robert Shimonski, ISBN 9781597495905






235 X 191

Learn how to defend your network against client-side attacks that target your company’s most vulnerable asset -- the end user!

DRM Free included formats: EPub, Mobi, PDF


Key Features

  • Design and implement your own attack, and test methodologies derived from the approach and framework presented by the authors
  • Learn how to strengthen your network's host- and network-based defense against attackers' number one remote exploit—the client-side attack
  • Defend your network against attacks that target your company's most vulnerable asset—the end user


Client-Side Attacks and Defense offers background on defending networks against attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobile devices. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.


Penetration Testers; Security Consultants; System and Network Administrators; IT Auditors

Sean-Philip Oriyano

Sean-Philip Oriyano (CISSP, CNDA, CEH, MCSE) is a veteran of the Information Technology and engineering fields, working with a wide variety of organizations to deliver unique and innovative solutions. He has spent his time in the field working with nearly all aspects of IT and management with special emphasis on Information Security concepts, techniques, and practices. Sean is an advocate of strong security knowledge and practices, has worked with clients such as the U.S. Air Force, U.S. Navy, and U.S. Army, and has been sought out to instruct at locations such as the U.S. Air Force Academy and Naval War College. Sean is an experienced content developer and technical writer who has published articles on the IT and Information Security fields. Sean counts IBM, Amazon, Autodesk, and Microsoft among his clients. Sean publishes content regularly on his web site at www.oriyano.com and shares his knowledge in his classes and lectures. Sean is a member of EC-Council, InfraGard, and BECCA.


Robert Shimonski

Rob Shimonski (www.shimonski.com) is an experienced entrepreneur and an active participant in the business community. Rob is a best-selling author and editor with over 15 years' experience developing, producing and distributing print media in the form of books, magazines and periodicals. To date, Rob has successfully created over 100 books that are currently in circulation. Rob has worked for countless companies, including CompTIA, Entrepreneur Magazine, Microsoft, McGraw Hill Education, Cisco, the National Security Agency and Digidesign. Rob has an extremely diverse background in the print media industry, filling roles such as author, co-author, technical editor, copy editor and developmental editor. Since print media shifted to the digital domain, Rob has focused the past decade on developing all of the needed skills to produce professional audio and video media. An expert in Digital Audio Workstation (DAW) design and video production, Rob has created over 500 different media packages, including commercials for TV, online advertising clips, audio podcasts and much more. Rob started to train others while in the US Marine Corps. Since then, Rob has held a NY State teaching certificate as well as multiple trainer roles in colleges and trade schools across the world.

Affiliations and Expertise

Robert Shimonski is a networking and security veteran with over 20 years' experience in military, corporate and educational environments.


Table of Contents

Dedication and Thanks
Biography
Chapter 1 Client-Side Attacks Defined
    Client-Side Attacks: An Overview
        Why Are Client-Side Attacks Successful?
        Motivations Behind Client-Side Attacks
        Types of Client-Side Attacks
        Confidentiality Impact
        Integrity Impact
        Availability Impact
    Summary
Chapter 2 Dissection of a Client-Side Attack
    What Constitutes a Client-Side Attack?
        Initiating an Attack: A Look at Cross-Site Scripting (XSS)
        The Threats of Cross-Site Scripting
        Anatomy of Some Potential Attacks
        Other Client-Side Attacks
        Vulnerabilities that Lead to Client-Side Attacks
    Summary
Chapter 3 Protecting Web Browsers
    Common Functions of a Web Browser
        Features of Modern Browsers
    Microsoft Internet Explorer
        Features
        Security
        Add-ons and Other Features
    Mozilla Firefox
        Features
        Security
        Add-ons and Other Features
    Google Chrome
        Features
        Security
        Add-ons and Other Features
    Apple Safari
        Features
        Security
        Add-ons and Other Features
    Opera
        Features
        Security
        Add-ons and Other Features
    Web Browsers as a Target
        Selecting a Safe Web Browser
    Summary
Chapter 4 Security Issues with Web Browsers
    What is Being Exposed?
    Many Features, Many Risks
    Tabnapping
    Is Private Really Private?
    Summary
Chapter 5 Advanced Web Attacks
    What is Active Content?
        A Mix of Active Technologies
    A Closer Look at Active Content Types
        Microsoft Silverlight
        ActiveX
        Java
        JavaScript
        VBScript
        HTML 5
    Summary
Chapter 6 Advanced Web Browser Defenses
    A Mix of Protective Measures
        A Mix of Potential Threats
        A Review of Browser Features and Security Risks
        Browser-Based Defenses
        Supporting the Browser
    Summary
Chapter 7 Messaging Attacks and Defense
    Evolution of the Email Client
        Present Day Messaging Clients
        Email Client Programs
        Sending and Receiving Mail
        Webmail
    Messaging Attacks and Defense
        Spam
        Malware
        Malicious Code
        Denial of Service (DoS) Attacks
        Hoaxes
        Phishing
    Summary
Chapter 8 Web Application Attacks
    Understanding Web Applications
        Types of Web Applications
    The Benefit of using Web Applications
    Web Application Attacks and Defense
        Remote Code Execution
        SQL Injection
        Format String Vulnerabilities
        Cross Site Scripting
        Username Enumeration
        Misconfiguration
    What’s the Target?
        Personal Information
        Financial Data
    Summary
Chapter 9 Mobile Attacks
    Mobile Devices and Client-Side Attacks
        Communication Types
        Types of Mobile Devices
        Mobile Devices Attacks
        Mobile Device Weaknesses
    Summary
Chapter 10 Securing Against Client-Side Attack
    Security Planning
        Planning for Security
    Securing Applications and Infrastructure
        Web Application Security Process
        Securing Infrastructure
        Securing Applications
        Types of Security Used In Applications
        Digital Signatures
        Digital Certificates
        Reviewing the Basics of PKI
        Testing Your Security Implementation
    Securing Clients
        Malware Protection
        How to Secure Against Malicious Software
    Summary
Index
