When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks?
Trying to teach yourself about web security from the internet can feel like walking into a huge disorganized library—one where you can never find what you need, and the wrong advice might endanger your application! You need a single, all-in-one guide to securing your apps against all the attacks they can and will face. You need
Grokking Web Application Security.
This brilliantly illustrated and clearly written guide delivers detailed coverage on:
- Browser security, including sandboxing, the same-origin policy, and cookie security
- Securing web servers with input validation, escaping of output, and defense in depth
- A development process that prevents security bugs
- Browser vulnerabilities, from cross-site scripting and cross-site request forgery, to clickjacking
- Network vulnerabilities, such as man-in-the-middle attacks, SSL-stripping, and DNS poisoning
- Authentication vulnerabilities, such as brute forcing of credentials with single sign-on or multi-factor authentication
- Authorization vulnerabilities, such as broken access control and session jacking
- How to use encryption in web applications
- Injection attacks, command execution attacks, and remote code execution attacks
- Malicious payloads that can be used to attack XML parsers and file upload functions
Grokking Web Application Security teaches you how to build web apps that are ready and resilient to any attack. It’s laser-focused on what the working programmer needs to know about web security. In it, you’ll find practical recommendations for both common and not-so-common vulnerabilities—everything from SQL injection to cross-site scripting inclusion attacks. You’ll learn what motivates hackers, discover the latest tools for identifying issues, and set up a development lifecycle that catches problems early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability.