- Browser security, including sandboxing, the same-origin policy, and cookie security
- Securing web servers with input validation, escaping of output, and defense in depth
- A development process that prevents security bugs
- Browser vulnerabilities, from cross-site scripting and cross-site request forgery, to clickjacking
- Network vulnerabilities, such as man-in-the-middle attacks, SSL-stripping, and DNS poisoning
- Authentication vulnerabilities, such as brute forcing of credentials with single sign-on or multi-factor authentication
- Authorization vulnerabilities, such as broken access control and session jacking
- How to use encryption in web applications
- Injection attacks, command execution attacks, and remote code execution attacks
- Malicious payloads that can be used to attack XML parsers and file upload functions
Grokking Web Application Security teaches you how to build web apps that are ready and resilient to any attack. It's laser-focused on what the working programmer needs to know about web security. In it, you'll find practical recommendations for both common and not-so-common vulnerabilities--everything from SQL injection to cross-site scripting inclusion attacks. You'll learn what motivates hackers, discover the latest tools for identifying issues, and set up a development lifecycle that catches problems early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability. Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications. About the technology Application security is a front-burner concern for web developers. Whether working on the UI with a frontend framework or building out the server side, it's up to you to understand the threats and know exactly how to keep the black hats from getting the upper hand. About the book Grokking Web Application Security covers everything a working developer needs to know about securing applications in the browser and on the server. The tested techniques apply to any stack and are illustrated with concrete examples plucked from author Malcolm McDonald's extensive career. You'll discover must-implement security principles and even learn the fascinating tools and techniques the bad guys use to crack systems. What's inside
- A security-first development process
- Encryption in web applications
- Supply-chain and API attacks
- What to do when a hacker gets in
1 Know your enemy
2 Browser security
3 Encryption
4 Web server security
5 Security as a process
PART 2
6 Browser vulnerabilities
7 Network vulnerabilities
8 Authentication vulnerabilities
9 Session vulnerabilities
10 Authorization vulnerabilities
11 Payload vulnerabilities
12 Injection vulnerabilities
13 Vulnerabilities in third-party code
14 Being an unwitting accomplice
15 What to do when you get hackede