Web Application Security

Exploitation and Countermeasures for Modern Web Applications

by Andrew Hoffman

DescriptionTable of ContentsDetailsHashtagsReport an issue

Book Description

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.

Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.

- Explore common vulnerabilities plaguing today's web applications;
- Learn essential hacking techniques attackers use to exploit applications;
- Map and document web applications for which you don't have direct access;
- Develop and deploy customized exploits that can bypass common defenses;
- Develop and deploy mitigations to protect your applications against hackers;
- Integrate secure coding best practices into your development lifecycle;
- Get practical tips to help you improve the overall security of your web applications.

This open book is licensed under a Open Publication License (OPL). You can download Web Application Security ebook for free in PDF format (5.2 MB).

Table of Contents

Chapter 1
The History of Software Security
Chapter 2
Introduction to Web Application Reconnaissance
Chapter 3
The Structure of a Modern Web Application
Chapter 4
Finding Subdomains
Chapter 5
API Analysis
Chapter 6
Identifying Third-Party Dependencies
Chapter 7
Identifying Weak Points in Application Architecture
Chapter 8
Part I Summary
Chapter 9
Introduction to Hacking Web Applications
Chapter 10
Cross-Site Scripting (XSS)
Chapter 11
Cross-Site Request Forgery (CSRF)
Chapter 12
XML External Entity (XXE)
Chapter 13
Injection
Chapter 14
Denial of Service (DoS)
Chapter 15
Exploiting Third-Party Dependencies
Chapter 16
Part II Summary
Chapter 17
Securing Modern Web Applications
Chapter 18
Secure Application Architecture
Chapter 19
Reviewing Code for Security
Chapter 20
Vulnerability Discovery
Chapter 21
Vulnerability Management
Chapter 22
Defending Against XSS Attacks
Chapter 23
Defending Against CSRF Attacks
Chapter 24
Defending Against XXE
Chapter 25
Defending Against Injection
Chapter 26
Defending Against DoS
Chapter 27
Securing Third-Party Dependencies
Chapter 28
Part III Summary
Chapter 29
Conclusion

Book Details

Subject
Computer Science
Publisher
O'Reilly Media
Published
2020
Pages
331
Edition
1
Language
English
ISBN13 Digital
9781492053118
ISBN10 Digital
1492053112
PDF Size
5.2 MB
License
Open Publication License

Related Books

Hacking Exposed Web Applications
In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step-by-s...
Application Security in .NET Succinctly
Security in software development should be a first-order requirement, but it's often implemented in projects as an afterthought. With Application Security in .NET Succinctly, author Stan Drapkin provides a refresher of .NET security practices and fills common knowledge gaps for experienced developers and novices alike. Learn about hashes, machine a...
25 Secrets for Faster ASP.NET Applications
Read the tips and tricks recommended by some of the smartest minds in the ASP.NET community. 25 tips from the ASP.NET community for boosting performance in your web applications; Learn the secrets of your fellow developers and read advice from MVPs and other experts; Covers async/await, Web API, ORMs, interactions between your code and your data...
Webapps in Go
The book teaches you how to write web applications in Go without using a framework. It is possible to write a webapp without using any framework in Go. Each new concept will be explained via a valid code example. The book is based of a todo list manager I wrote in Go, and at any point in time, you can check the source code of the todo list manager....
Microservices Best Practices for Java
Microservices is an architectural style in which large, complex software applications are composed of one or more smaller services. Each of these microservices focuses on completing one task that represents a small business capability. These microservices can be developed in any programming language. This book covers Microservices best practices fo...
Modern Web Development on the JAMstack
Learn how to run your web projects - everything from simple sites to complex applications - without a single server. It's possible with the JAMstack, a modern web development architecture for deploying fast, highly-scalable sites and applications that don't require traditional origin infrastructure. This practical report explains how the JAMstack d...