Web Application Security

Exploitation and Countermeasures for Modern Web Applications

by Andrew Hoffman

DescriptionTable of ContentsDetailsHashtagsReport an issue

Book Description

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.

Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.

- Explore common vulnerabilities plaguing today's web applications;
- Learn essential hacking techniques attackers use to exploit applications;
- Map and document web applications for which you don't have direct access;
- Develop and deploy customized exploits that can bypass common defenses;
- Develop and deploy mitigations to protect your applications against hackers;
- Integrate secure coding best practices into your development lifecycle;
- Get practical tips to help you improve the overall security of your web applications.

This open book is licensed under a Open Publication License (OPL). You can download Web Application Security ebook for free in PDF format (5.2 MB).

Table of Contents

Chapter 1
The History of Software Security
 
Chapter 2
Introduction to Web Application Reconnaissance
 
Chapter 3
The Structure of a Modern Web Application
 
Chapter 4
Finding Subdomains
 
Chapter 5
API Analysis
 
Chapter 6
Identifying Third-Party Dependencies
 
Chapter 7
Identifying Weak Points in Application Architecture
 
Chapter 8
Part I Summary
 
Chapter 9
Introduction to Hacking Web Applications
 
Chapter 10
Cross-Site Scripting (XSS)
 
Chapter 11
Cross-Site Request Forgery (CSRF)
 
Chapter 12
XML External Entity (XXE)
 
Chapter 13
Injection
 
Chapter 14
Denial of Service (DoS)
 
Chapter 15
Exploiting Third-Party Dependencies
 
Chapter 16
Part II Summary
 
Chapter 17
Securing Modern Web Applications
 
Chapter 18
Secure Application Architecture
 
Chapter 19
Reviewing Code for Security
 
Chapter 20
Vulnerability Discovery
 
Chapter 21
Vulnerability Management
 
Chapter 22
Defending Against XSS Attacks
 
Chapter 23
Defending Against CSRF Attacks
 
Chapter 24
Defending Against XXE
 
Chapter 25
Defending Against Injection
 
Chapter 26
Defending Against DoS
 
Chapter 27
Securing Third-Party Dependencies
 
Chapter 28
Part III Summary
 
Chapter 29
Conclusion
 

Book Details

Subject
Computer Science
Publisher
O'Reilly Media
Published
2020
Pages
331
Edition
1
Language
English
ISBN13 Digital
9781492053118
ISBN10 Digital
1492053112
PDF Size
5.2 MB
License
Open Publication License

Related Books

Hacking Exposed Web Applications
In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step-by-s...
Application Security in .NET Succinctly
Security in software development should be a first-order requirement, but it's often implemented in projects as an afterthought. With Application Security in .NET Succinctly, author Stan Drapkin provides a refresher of .NET security practices and fills common knowledge gaps for experienced developers and novices alike. Learn about hashes, machine a...
25 Secrets for Faster ASP.NET Applications
Read the tips and tricks recommended by some of the smartest minds in the ASP.NET community. 25 tips from the ASP.NET community for boosting performance in your web applications; Learn the secrets of your fellow developers and read advice from MVPs and other experts; Covers async/await, Web API, ORMs, interactions between your code and your data...
Webapps in Go
The book teaches you how to write web applications in Go without using a framework. It is possible to write a webapp without using any framework in Go. Each new concept will be explained via a valid code example. The book is based of a todo list manager I wrote in Go, and at any point in time, you can check the source code of the todo list manager....
Microservices Best Practices for Java
Microservices is an architectural style in which large, complex software applications are composed of one or more smaller services. Each of these microservices focuses on completing one task that represents a small business capability. These microservices can be developed in any programming language. This book covers Microservices best practices fo...
Modern Web Development on the JAMstack
Learn how to run your web projects - everything from simple sites to complex applications - without a single server. It's possible with the JAMstack, a modern web development architecture for deploying fast, highly-scalable sites and applications that don't require traditional origin infrastructure. This practical report explains how the JAMstack d...