Identity and Data Security for Web Development: Best Practices

Jonathan LeBlanc, Tim Messerschmidt

  • 出版商: O'Reilly
  • 出版日期: 2016-07-19
  • 定價: $1,360
  • 售價: 9.5$1,292
  • 貴賓價: 9.0$1,224
  • 語言: 英文
  • 頁數: 204
  • 裝訂: Paperback
  • ISBN: 1491937017
  • ISBN-13: 9781491937013
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 4)

買這商品的人也買了...

相關主題

商品描述

Developers, designers, engineers, and creators can no longer afford to pass responsibility for identity and data security onto others. Web developers who don’t understand how to obscure data in transmission, for instance, can open security flaws on a site without realizing it. With this practical guide, you’ll learn how and why everyone working on a system needs to ensure that users and data are protected.

Authors Jonathan LeBlanc and Tim Messerschmidt provide a deep dive into the concepts, technology, and programming methodologies necessary to build a secure interface for data and identity—without compromising usability. You’ll learn how to plug holes in existing systems, protect against viable attack vectors, and work in environments that sometimes are naturally insecure.

  • Understand the state of web and application security today
  • Design security password encryption, and combat password attack vectors
  • Create digital fingerprints to identify users through browser, device, and paired device detection
  • Build secure data transmission systems through OAuth and OpenID Connect
  • Use alternate methods of identification for a second factor of authentication
  • Harden your web applications against attack
  • Create a secure data transmission system using SSL/TLS, and synchronous and asynchronous cryptography

商品描述(中文翻譯)

開發人員、設計師、工程師和創作者再也不能將身份和數據安全的責任推給他人。例如,不了解如何在傳輸中隱藏數據的網頁開發人員可能會在不知情的情況下為網站開啟安全漏洞。通過這本實用指南,您將學習到為了保護用戶和數據,每個參與系統開發的人都需要如何確保安全。

作者Jonathan LeBlanc和Tim Messerschmidt深入探討了構建安全的數據和身份界面所需的概念、技術和編程方法,而不會影響可用性。您將學習如何修補現有系統中的漏洞,防範可行的攻擊向量,以及在有時天然不安全的環境中工作。

本書內容包括:
- 了解當今網頁和應用程序安全的狀況
- 設計安全的密碼加密,並對抗密碼攻擊向量
- 通過瀏覽器、設備和配對設備檢測創建數字指紋以識別用戶
- 通過OAuth和OpenID Connect構建安全的數據傳輸系統
- 使用其他身份驗證方法作為第二因素驗證
- 加強網頁應用程序的防禦能力
- 使用SSL/TLS、同步和異步加密創建安全的數據傳輸系統