Fraud Loss Prevention eBook

Every day hackers are stealing millions from websites, and this is the book that will help you detect it happening on yours. Detecting Malice was written to help website administrators, developers, operations personnel and security product managers build and maintain a higher security posture. Understanding user intent is the cornerstone for reducing fraud ratios in modern web applications. From retail to government, this book covers many different realms of fraud and how to detect it at many different technical layers. From DNS and TCP to embedded content and browser fingerprinting techniques, it is possible to identify the users who are most likely to become dangerous, often before it actually happens. A plethora of techniques and examples are all available to you within the 300+ pages of this book. And best of all, I've finally made it completely FREE!

Table of Contents:
  Detecting Malice: Preface
    User Disposition
    Deducing Without Knowing
    Book Overview
    Who Should Read This Book?
    Why Now?
    A Note on Style
    Working Without a Silver Bullet
    Special Thanks
  Chapter 1 - DNS and TCP: The Foundations of Application Security
    In the Beginning Was DNS
    Same-Origin Policy and DNS Rebinding
    DNS Zone Transfers and Updates
    DNS Enumeration
    TCP/IP
    Spoofing and the Three-Way Handshake
    Passive OS Fingerprinting with p0f
    TCP Timing Analysis
    Network DoS and DDoS Attacks
    Attacks Against DNS
    TCP DoS
    Low Bandwidth DoS
    Using DoS As Self-Defense
    Motives for DoS Attacks
    DoS Conspiracies
    Port Scanning
    With That Out of the Way...
  Chapter 2 - IP Address Forensics
    What Can an IP Address Tell You?
    Reverse DNS Resolution
    WHOIS Database
    Geolocation
    Real-Time Block Lists and IP Address Reputation
    Related IP Addresses
    When IP Address Is A Server
    Web Servers as Clients
    Dealing with Virtual Hosts
    Proxies and Their Impact on IP Address Forensics
    Network-Level Proxies
    HTTP Proxies
    AOL Proxies
    Anonymization Services
    Tor Onion Routing
    Obscure Ways to Hide IP Address
    IP Address Forensics
    To Block or Not?
  Chapter 3 - Time
    Traffic Patterns
    Event Correlation
    Daylight Savings
    Forensics and Time Synchronization
    Humans and Physical Limitations
    Gold Farming
    CAPTCHA Breaking
    Holidays and Prime Time
    Risk Mitigation Using Time Locks
    The Future is a Fog
  Chapter 4 - Request Methods and HTTP Protocols
    Request Methods
    GET
    POST
    PUT and DELETE
    OPTIONS
    CONNECT
    HEAD
    TRACE
    Invalid Request Methods
    Random Binary Request Methods
    Lowercase Method Names
    Extraneous White Space on the Request Line
    HTTP Protocols
    Missing Protocol Information
    HTTP 1.0 vs. HTTP 1.1
    Invalid Protocols and Version Numbers
    Newlines and Carriage Returns
    Summary
  Chapter 5 - Referring URL
    Referer Header
    Information Leakage through Referer
    Disclosing Too Much
    Spot the Phony Referring URL
    Third-Party Content Referring URL Disclosure
    What Lurks in Your Logs
    Referer and Search Engines
    Language, Location, and the Politics That Comes With It
    Google Dorks
    Natural Search Strings
    Vanity Search
    Black Hat Search Engine Marketing and Optimization
    Referring URL Availability
    Direct Page Access
    Meta Refresh
    Links from SSL/TLS Sites
    Links from Local Pages
    Users' Privacy Concerns
    Determining Why Referer Isn't There
    Referer Reliability
    Redirection
    Impact of Cross-Site Request Forgery
    Is the Referring URL a Fake?
    Referral Spam
    Last thoughts
  Chapter 6 - Request URL
    What Does A Typical HTTP Request Look Like?
    Watching For Things That Don't Belong
    Domain Name in the Request Field
    Proxy Access Attempts
    Anchor Identifiers
    Common Request URL Attacks
    Remote File Inclusion
    SQL Injection
    HTTP Response Splitting
    NUL Byte Injection
    Pipes and System Command Execution
    Cross-Site Scripting
    Web Server Fingerprinting
    Invalid URL Encoding
    Well-Known Server Files
    Easter Eggs
    Admin Directories
    Automated Application Discovery
    Well-Known Files
    Crossdomain.xml
    Robots.txt
    Google Sitemaps
    Summary
  Chapter 7 - User-Agent Identification
    What is in a User-Agent Header?
    Malware and Plugin Indicators
    Software Versions and Patch Levels
    User-Agent Spoofing
    Cross Checking User-Agent against Other Headers
    User-Agent Spam
    Indirect Access Services
    Google Translate
    Traces of Application Security Tools
    Common User-Agent Attacks
    Search Engine Impersonation
    Summary
  Chapter 8 - Request Header Anomalies
    Hostname
    Requests Missing Host Header
    Mixed-Case Hostnames in Host and Referring URL Headers
    Cookies
    Cookie Abuse
    Cookie Fingerprinting
    Cross Site Cooking
    Assorted Request Header Anomalies
    Expect Header XSS
    Headers Sent by Application Vulnerability Scanners
    Cache Control Headers
    Accept CSRF Deterrent
    Language and Character Set Headers
    Dash Dash Dash
    From Robot Identification
    Content-Type Mistakes
    Common Mobile Phone Request Headers
    X-Moz Prefetching
    Summary
  Chapter 9 - Embedded Content
    Embedded Styles
    Detecting Robots
    Detecting CSRF Attacks
    Embedded JavaScript
    Embedded Objects
    Request Order
    Cookie Stuffing
    Impact of Content Delivery Networks on Security
    Asset File Name Versioning
    Summary
  Chapter 10 - Attacks Against Site Functionality
    Attacks Against Sign-In
    Brute-Force Attacks Against Sign-In
    Phishing Attacks
    Registration
    Username Choice
    Brute Force Attacks Against Registration
    Account Pharming
    What to Learn from the Registration Data
    Fun With Passwords
    Forgot Password
    Password DoS Attacks
    Don't Show Anyone Their Passwords
    User to User Communication
    Summary
  Chapter 11 - History
    Our Past
    History Repeats Itself
    Cookies
    JavaScript Database
    Internet Explorer Persistence
    Flash Cookies
    CSS History
    Refresh
    Same Page, Same IP, Different Headers
    Cache and Translation Services
    Uniqueness
    DNS Pinning Part Two
    Biometrics
    Breakout Fraud
    Summary
  Chapter 12 - Denial of Service
    What Are Denial Of Service Attacks?
    Distributed DoS Attacks
    My First Denial of Service Lesson
    Request Flooding
    Identifying Reaction Strategies
    Database DoS
    Targeting Search Facilities
    Unusual DoS Vectors
    Banner Advertising DoS
    Chargeback DoS
    The Great Firewall of China
    Email Blacklisting
    Dealing With Denial Of Service Attacks
    Detection
    Mitigation
    Summary
  Chapter 13 - Rate of Movement
    Rates
    Timing Differences
    CAPTCHAs
    Click Fraud
    Warhol or Flash Worm
    Samy Worm
    Inverse Waterfall
    Pornography Duration
    Repetition
    Scrapers
    Spiderweb
    Summary
  Chapter 14 - Ports, Services, APIs, Protocols and 3rd Parties
    Ports, Services, APIs, Protocols, 3rd Parties, oh my!
    SSL and Man in the middle Attacks
    Performance
    SSL/TLS Abuse
    FTP
    Webmail Compromise
    Third Party APIs and Web Services
    2nd Factor Authentication and Federation
    Other Ports and Services
    Summary
  Chapter 15 - Browser Sniffing
    Browser Detection
    Black Dragon, Master Reconnaissance Tool and BeEF
    Java Internal IP Address
    MIME Encoding and MIME Sniffing
    Windows Media Player "Super Cookie"
    Virtual Machines, Machine Fingerprinting and Applications
    Monkey See Browser Fingerprinting Software - Monkey Do Malware
    Malware and Machine Fingerprinting Value
    Unmasking Anonymous Users
    Java Sockets
    De-cloaking Techniques
    Persistence, Cookies and Flash Cookies Redux
    Additional Browser Fingerprinting Techniques
    Summary
  Chapter 16 - Uploaded Content
    Content
    Images
    Hashing
    Image Watermarking
    Image Steganography
    EXIF Data In Images
    GDI+ Exploit
    Warez
    Child Pornography
    Copyrights and Nefarious Imagery
    Sharm el Sheikh Case Study
    Imagecrash
    Text
    Text Stenography
    Blog and Comment Spam
    Power of the Herd
    Profane Language
    Localization and Internationalization
    HTML
    Summary
  Chapter 17 - Loss Prevention
    Lessons From The Offline World
    Subliminal Imagery
    Security Badges
    Prevention Through Fuzzy Matching
    Manual Fraud Analysis
    Honeytokens
    Summary
  Chapter 18 - Wrapup
    Mood Ring
    Insanity
    Blocking and the 4th Wall Problem
    Booby Trapping Your Application
    Heuristics Age
    Know Thy Enemy
    Race, Sex, Religion
    Profiling
    Ethnographic Landscape
    Calculated Risks
    Correlation and Causality
    Conclusion
  About Robert Hansen

Detecting Malice is written by Robert "RSnake" Hansen, the author of the noted ha.ckers.org web application security lab. Mr. Hansen has spoken at industry conferences around the world and is widely considered to be a foremost expert in web application security and online fraud. Drawing on well over two decades of web application security experience, the book was written to be a relevant look into the deep technical nuances of user interaction. By being extremely observant and having the correct logging in place, it is possible to dramatically reduce online fraud. Whether you are simply an enthusiast or are in charge of a Fortune 500, you will gain deep insights into the tools and techniques available to improve fraud loss prevention. Using practical and real-world examples, the book walks through the different layers in a highly digestible way that is valuable to practitioners at almost every level of technical ability.


Read what other experts are saying about Detecting Malice:

- "I can tell you that it is, without a doubt, the best web security book I have ever had the pleasure to read." - David Mortman, CSO - Echelon One

- "Detecting Malice is a must-read resource for anyone tasked with protecting a website. It is incredibly detailed and comprehensive, without all the usual cruft you see filling up other books on the topic. If you have a website, have logs, and want to know what the bad guys are trying to do to you (and trust me, we're all targets), then this is the only resource out there to help you understand what they're doing, how to defend yourself, and how to turn the tables and unmask your attacker. It's written in a very accessible informal style, yet still loaded with content and practical examples." - Rich Mogull, CEO - Securosis

- "It approached security from a different perspective than I usually do. As an application developer, I'm usually razor focused on what can break, how it can break, and how to prevent it. I'd never really thought to identify suspicious users or had time to sift through logs and see the interesting and/or aberrant trends. The CSRF detection examples do a great job of illustrating how careful log analysis of strange behavior can help identify known attacks to which your site is vulnerable as well as help identify users worth watching for new attack methods. The focus on what common attacks look like on the server rather than how they work is also useful. It's influenced what I log, how I watch logs, and how I mitigate detected attacks." - Nick Sivo, CTO/Founder - Loopt

- "If you spend millions on Search Marketing, or even just a few hundred dollars, this book is a must read; don't let your efforts go to waste by being caught out." - David Naylor, CEO - Bronco Web Design

- "'Detecting Malice' really is a fantastic opus of WebAppSec wisdom." - Chris Hoff, Director, Cloud & Virtualization Solutions - Cisco

- "This book leaves the reader with the conclusion why some web-based attacks go unnoticed. It illustrates why our current tools and techniques are not built to detect them...yet! But just wait until the web security vendors read Detecting Malice!" - Quincy Jackson, IT Security Manager

- "Shell out the $39 for the 300 page e-Book Detecting Malice, written by Robert Hansen (aka RSnake, on Twitter at @RSnake) and actually read it. I can't believe I'm actually endorsing a freaking e-Book, but it's really that good. I don't know Robert personally; I'm not endorsing it as a favor or because I like him as a person. For all I know he eats puppies for breakfast. But his book is fantastic." - Alison Gianotto, Author of Professional PHP4 Web Development Solutions

- "He does a great job of covering the landscape, talking in plain language without a lot of technical jargon and with many clear examples.... I highly recommend this book, well worth the time and money. It will stimulate your thinking and certainly raise your level of paranoia, and perhaps level of motivation, to lock things down." - David Strom - Owner - David Strom Inc.

- "'Detecting Malice' by Robert 'RSnake' Hansen is a must read for security technologists, especially incident responders attempting to deal with the constantly advancing threats to web applications. 'Detecting Malice' uses simple language to help readers build a complex technical foundation to understand the most current web attack methodologies. More importantly, however, Hansen provides real-world examples of attacks and provides methods to determine the intent of an attacker from a seemingly benign piece of information. This blend of technical know-how and psycho-analysis allows the reader a rare opportunity to understand the art of web application security." - Michael Montecillo, Threat Research and Intelligence Principal - IBM Security Services

- "Anyone I bring it up to first complains about the $40 eBook, but it's the best technical book I've bought in a while." - David Meier, Consultant - Aeritae Consulting Group


By purchasing the Detecting Malice anti-fraud eBook you'll get immediate access to:

* 300+ pages of highly technical detail and insights
* Deep de-composition of threats at multiple OSI layers
* Useful examples and real-world vignettes
* Industry insights on detection of malicious activity
* Useful analysis on isolating hack attempts
* Written for businesses and websites of all sizes
* Security content found nowhere else
* Hundreds of examples and pictures
* Written in small bite-sized anecdotes
* Adobe PDF format for easy portability and readability
* Extremely detailed real-life deconstructed hack attempts
* DRM free, allowing you to convert and read it as you see fit

Download your FREE copy of Detecting Malice today