Grokking Web Application Security

McDonald, Malcolm

  • 出版商: Manning
  • 出版日期: 2024-06-11
  • 定價: $2,140
  • 售價: 9.5$2,033
  • 語言: 英文
  • 頁數: 336
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1633438260
  • ISBN-13: 9781633438262
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 3)

相關主題

商品描述

When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks?

Grokking Web Application Security is a brilliantly illustrated and clearly written guide that delivers detailed coverage on:

  • How the browser security model works, including sandboxing, the same-origin policy, and methods of securing cookies
  • Securing web servers with input validation, escaping of output, and defense in depth
  • A development process that prevents security bugs
  • Protecting yourself from browser vulnerabilities such as cross-site scripting, cross-site request forgery, and clickjacking
  • Network vulnerabilities like man-in-the-middle attacks, SSL-stripping, and DNS poisoning
  • Preventing authentication vulnerabilities that allow brute forcing of credentials by using single sign-on or multi-factor authentication
  • Authorization vulnerabilities like broken access control and session jacking
  • How to use encryption in web applications
  • Injection attacks, command execution attacks, and remote code execution attacks
  • Malicious payloads that can be used to attack XML parsers, and file upload functions

Grokking Web Application Security teaches you how to build web apps that are ready for and resilient to any attack. It's laser-focused on what the working programmer needs to know about web security, and is fully illustrated with concrete examples and essential advice from author Malcolm McDonald's extensive career. You'll learn what motivates hackers to hack a site, discover the latest tools for identifying security issues, and set up a development lifecycle that catches security issues early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability.

Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.

About the technology

Security is vital for any application, especially those deployed on the web! The internet is full of scripts, bots, and hackers who will seize any opportunity to attack, crack, and hack your site for their own ends. It doesn't matter which part of a web app you work with--security vulnerabilities can be found in both frontends and backends. Luckily, this comprehensive guide is here with no-nonsense advice that will keep your web apps safe.

About the book

Grokking Web Application Security teaches you everything you need to know to secure your web applications in the browser, on the server, and even at the code level. The book is perfect for both junior and experienced learners. It's written to be language-agnostic, with advice and vulnerability insights that will work with any stack.

You'll begin with the foundations of web security and then dive into dozens of practical security recommendations for both common and not-so-common vulnerabilities--everything from SQL injection to cross-site scripting inclusion attacks. Explore growing modern threats like supply-chain attacks and attacks on APIs, learn about cryptography and how it applies to the web, and discover how to pick up the pieces after a hacker has successfully gotten inside your app.

About the reader

For junior web developers who know the basics of web programming, or more experienced developers looking for concrete advice on solving vulnerabilities.

About the author

Malcolm McDonald is the creator of hacksplaining.com, a comprehensive and interactive security training solution that helps working web developers brush up on their security knowledge. He is a security engineer with 20 years of experience across investment banking, start-ups, and PayPal. He has personally trained thousands of developers in web security over his career.

商品描述(中文翻譯)

當你在網上啟動一個應用程序時,全世界的黑客都可以訪問它。你確定你的網絡應用程序能夠抵擋最複雜的攻擊嗎?

《深入理解網絡應用程序安全》是一本精心插圖且寫得清晰的指南,詳細介紹了以下內容:
- 瀏覽器安全模型的工作原理,包括沙盒、同源策略以及保護 cookie 的方法
- 通過輸入驗證、輸出轉義和深度防禦來保護網絡服務器
- 防止安全漏洞的開發過程
- 保護自己免受瀏覽器漏洞的影響,如跨站腳本攻擊、跨站請求偽造和點擊劫持
- 網絡漏洞,如中間人攻擊、SSL剝離和DNS污染
- 防止身份驗證漏洞,通過使用單點登錄或多因素身份驗證來防止密碼的暴力破解
- 授權漏洞,如破壞的訪問控制和會話劫持
- 如何在網絡應用程序中使用加密
- 注入攻擊、命令執行攻擊和遠程代碼執行攻擊
- 可以用於攻擊 XML 解析器和文件上傳功能的惡意載荷

《深入理解網絡應用程序安全》教你如何構建能夠應對任何攻擊的網絡應用程序。它專注於工作程序員需要了解的網絡安全知識,並通過具體的示例和作者 Malcolm McDonald 在廣泛的職業生涯中獲得的寶貴建議進行全面說明。你將了解黑客入侵網站的動機,探索最新的用於識別安全問題的工具,並建立一個能夠及早發現安全問題的開發生命周期。你可以從頭到尾閱讀,獲得對網絡安全的全面概述,也可以在需要解決特定漏洞時作為參考。

購買印刷版書籍還包括 Manning Publications 提供的 PDF 和 ePub 格式的免費電子書。

關於技術:
對於任何應用程序,尤其是在網絡上部署的應用程序,安全性至關重要!互聯網上充斥著腳本、機器人和黑客,他們會抓住任何機會來攻擊、破解和入侵你的網站以達到他們自己的目的。無論你在網絡應用程序的哪個部分工作,安全漏洞都可能存在於前端和後端。幸運的是,這本全面的指南提供了實用的建議,可以確保你的網絡應用程序安全。

關於本書:
《深入理解網絡應用程序安全》教你如何在瀏覽器、服務器甚至代碼層面上保護你的網絡應用程序。這本書非常適合初學者和有經驗的學習者。它的內容與語言無關,提供了適用於任何技術堆棧的建議和漏洞見解。

你將從網絡安全的基礎開始,然後深入探討數十種常見和不太常見的漏洞,包括 SQL 注入和跨站腳本包含攻擊等。探索現代威脅,如供應鏈攻擊和對 API 的攻擊,了解密碼學及其在網絡中的應用,並在黑客成功入侵你的應用程序後如何恢復。

關於讀者:
適合初級網絡開發人員,他們了解網絡編程的基礎,或者有經驗的開發人員,尋求解決漏洞的具體建議。

關於作者:
Malcolm McDonald 是 hacksplaining.com 的創建者,這是一個全面且互動的安全培訓解決方案,幫助工作中的網絡開發人員提高他們的安全知識。他是一名安全工程師,在投資銀行、初創公司和 PayPal 等領域擁有 20 年的經驗。他個人在職業生涯中培訓了成千上萬的開發人員,教授網絡安全知識。