Web Penetration Testing with Kali Linux - Third Edition by Gilberto Nájera-Gutiérrez


Author: Gilberto Nájera-Gutiérrez
Language: eng
Format: mobi, epub
Tags: COM043050 - COMPUTERS / Security / Networking, COM060160 - COMPUTERS / Web / Web Programming, COM088010 - COMPUTERS / System Administration / Linux and UNIX Administration
Publisher: Dominic Shakeshaft
Published: 2018-02-28T06:36:57+00:00


Always use secure protocols, such as TLS, to submit login information.

Do not disclose information about the existence or validity of a username in error messages or response codes (for example, do not respond with a 404 code when a user is not found).

To prevent brute-force attacks, implement a temporary lockout after a certain number of failed attempts. Five is a well-balanced number: a user who fails to log in five consecutive times is locked out for a certain amount of time, say twenty or thirty minutes.

If the password reset feature is implemented, ask for the username or email and the security question, if available. Then, send a one-time reset link to the user's registered email or to their mobile phone through SMS. This link must be disabled after the user resets their password or after a certain amount of time, perhaps a couple of hours, if that doesn't happen.
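The lockout and password-reset rules above, implemented together as an added example (this is not code from the book; the class and function names `AuthGuard`, `FakeClock`, `demo` and the in-memory credential store are assumptions made for the illustration). It locks an account after five consecutive failures for thirty minutes, returns the same generic message for an unknown user, a wrong password and a locked account, and issues single-use reset tokens that expire after two hours. The clock is injectable so the time-dependent behaviour can be exercised without waiting.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Policy values from the text: five consecutive failures lock the account,
# the lockout lasts thirty minutes, a reset link dies on first use or after two hours.
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 30 * 60
RESET_TOKEN_TTL_SECONDS = 2 * 60 * 60

# One message for every failure mode, so the response never reveals whether the
# username exists, the password was wrong, or the account is currently locked.
GENERIC_FAILURE = "Invalid username or password."
DUMMY_PASSWORD = "\x00" * 32  # compared against for unknown users to keep timing uniform


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: float = 0.0   # epoch seconds; 0 means not locked


class FakeClock:
    """Controllable clock for the demo (constructed for this example)."""
    def __init__(self, start=1_000_000.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


class AuthGuard:
    def __init__(self, credentials, clock=time.time):
        # credentials: username -> password. Plaintext only to keep the example
        # short; a real system stores salted password hashes (e.g. bcrypt/Argon2).
        self._credentials = credentials
        self._clock = clock
        self._state = {}          # username -> AccountState (unknown names tracked too)
        self._reset_tokens = {}   # token -> (username, expires_at)

    def _state_for(self, username):
        return self._state.setdefault(username, AccountState())

    def is_locked(self, username):
        return self._clock() < self._state_for(username).locked_until

    def login(self, username, password):
        """Return (ok, message). The message is identical for every failure."""
        st = self._state_for(username)
        now = self._clock()
        if now < st.locked_until:
            return False, GENERIC_FAILURE
        stored = self._credentials.get(username)
        # Always perform a constant-time comparison so an unknown username takes
        # the same code path (and roughly the same time) as a wrong password.
        reference = (stored if stored is not None else DUMMY_PASSWORD).encode()
        matches = hmac.compare_digest(reference, password.encode()) and stored is not None
        if matches:
            st.failed_attempts = 0
            return True, "Welcome."
        st.failed_attempts += 1
        if st.failed_attempts >= MAX_FAILED_ATTEMPTS:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failed_attempts = 0
        return False, GENERIC_FAILURE

    def issue_reset_token(self, username):
        """Create a single-use reset token. The token belongs in the e-mailed/SMS
        link only, never in the HTTP response; a token-shaped value is produced
        even for unknown users so the reset endpoint behaves uniformly."""
        token = secrets.token_urlsafe(32)
        if username in self._credentials:
            self._reset_tokens[token] = (username, self._clock() + RESET_TOKEN_TTL_SECONDS)
        return token

    def reset_password(self, token, new_password):
        entry = self._reset_tokens.pop(token, None)  # removed on first use, valid or not
        if entry is None:
            return False
        username, expires_at = entry
        if self._clock() > expires_at:
            return False
        self._credentials[username] = new_password
        return True


def demo():
    """Walk through the policy with a fake clock; returns a dict of observations."""
    clock = FakeClock()
    guard = AuthGuard({"alice": "correct horse"}, clock=clock)
    r = {}
    for _ in range(MAX_FAILED_ATTEMPTS):
        guard.login("alice", "wrong")
    r["locked_after_five"] = guard.is_locked("alice")
    ok, msg = guard.login("alice", "correct horse")   # right password, but locked
    r["refused_during_lockout"] = (not ok) and msg == GENERIC_FAILURE
    r["unknown_user_same_message"] = guard.login("nobody", "x")[1] == GENERIC_FAILURE
    clock.advance(LOCKOUT_SECONDS + 1)
    r["login_after_lockout"] = guard.login("alice", "correct horse")[0]
    token = guard.issue_reset_token("alice")
    r["reset_ok"] = guard.reset_password(token, "new pass")
    r["token_single_use"] = not guard.reset_password(token, "again")
    stale = guard.issue_reset_token("alice")
    clock.advance(RESET_TOKEN_TTL_SECONDS + 1)
    r["expired_token_rejected"] = not guard.reset_password(stale, "late")
    r["new_password_works"] = guard.login("alice", "new pass")[0]
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that failures against unknown usernames are tracked in the same table, so the response to a guessed name looks the same as the response to a real one, and the reset endpoint returns a token-shaped value either way; only the stored entry decides whether a later reset succeeds.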

When implementing MFA, favor the use of third-party and widely tested frameworks, such as Google Authenticator or Authy if using mobile applications, or RSA or Gemalto devices if a physical token or smartcard is required.

Avoid implementing custom or home-made cryptography and random generation modules, and favor standard algorithms from well-known libraries and frameworks.

Ask for re-authentication on sensitive tasks, such as privilege changes on users, sensitive data deletion, or changes to global configuration.


