Product Description
When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks? Grokking Web Application Security is a brilliantly illustrated and clearly written guide that delivers detailed coverage on:
- How the browser security model works, including sandboxing, the same-origin policy, and methods of securing cookies
- Securing web servers with input validation, escaping of output, and defense in depth
- A development process that prevents security bugs
- Protecting yourself from browser vulnerabilities such as cross-site scripting, cross-site request forgery, and clickjacking
- Network vulnerabilities like man-in-the-middle attacks, SSL-stripping, and DNS poisoning
- Preventing authentication vulnerabilities that allow brute forcing of credentials by using single sign-on or multi-factor authentication
- Authorization vulnerabilities like broken access control and session jacking
- How to use encryption in web applications
- Injection attacks, command execution attacks, and remote code execution attacks
- Malicious payloads that can be used to attack XML parsers and file upload functions
Grokking Web Application Security teaches you how to build web apps that are ready for and resilient to any attack. It's laser-focused on what the working programmer needs to know about web security, and is fully illustrated with concrete examples and essential advice from author Malcolm McDonald's extensive career. You'll learn what motivates hackers to hack a site, discover the latest tools for identifying security issues, and set up a development lifecycle that catches security issues early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability.

Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.

About the technology
Security is vital for any application, especially those deployed on the web! The internet is full of scripts, bots, and hackers who will seize any opportunity to attack, crack, and hack your site for their own ends. It doesn't matter which part of a web app you work with: security vulnerabilities can be found in both frontends and backends. Luckily, this comprehensive guide is here with no-nonsense advice that will keep your web apps safe.

About the book
Grokking Web Application Security teaches you everything you need to know to secure your web applications in the browser, on the server, and even at the code level. The book is perfect for both junior and experienced learners. It's written to be language-agnostic, with advice and vulnerability insights that will work with any stack. You'll begin with the foundations of web security and then dive into dozens of practical security recommendations for both common and not-so-common vulnerabilities, everything from SQL injection to cross-site scripting inclusion attacks. Explore growing modern threats like supply-chain attacks and attacks on APIs, learn about cryptography and how it applies to the web, and discover how to pick up the pieces after a hacker has successfully gotten inside your app.

About the reader
For junior web developers who know the basics of web programming, or more experienced developers looking for concrete advice on solving vulnerabilities.

About the author
Malcolm McDonald is the creator of hacksplaining.com, a comprehensive and interactive security training solution that helps working web developers brush up on their security knowledge. He is a security engineer with 20 years of experience across investment banking, start-ups, and PayPal. He has personally trained thousands of developers in web security over his career.