Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Hoffman, Andrew

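  • Publisher: O'Reilly
  • Publication date: 2024-02-27
  • List price: $2,290
  • Sale price: $2,176 (95% of list price)
  • Language: English
  • Pages: 441
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1098143930
  • ISBN-13: 9781098143930
  • Related category: Information Security
  • Ships immediately (stock = 1)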

Product description

In the first edition of this critically acclaimed book, Andrew Hoffman defined the three pillars of application security: reconnaissance, offense, and defense. In this revised and updated second edition, he examines dozens of related topics, from the latest types of attacks and mitigations to threat modeling, the secure software development lifecycle (SSDL/SDLC), and more.

Hoffman, senior staff security engineer at Ripple, also provides information regarding exploits and mitigations for several additional web application technologies such as GraphQL, cloud-based deployments, content delivery networks (CDN) and server-side rendering (SSR). Following the curriculum from the first book, this second edition is split into three distinct pillars comprising three separate skill sets:

  • Pillar 1: Recon--Learn techniques for mapping and documenting web applications remotely, including procedures for working with web applications.
  • Pillar 2: Offense--Explore methods for attacking web applications using a number of highly effective exploits that have been proven by the best hackers in the world. These skills are valuable when used alongside the skills from Pillar 3.
  • Pillar 3: Defense--Build on skills acquired in the first two parts to construct effective and long-lived mitigations for each of the attacks described in Pillar 2.
