Web Application Security
Exploitation and Countermeasures for Modern Web Applications
by Andrew Hoffman
DescriptionTable of ContentsDetailsHashtagsReport an issue
Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.
- Explore common vulnerabilities plaguing today's web applications;
- Learn essential hacking techniques attackers use to exploit applications;
- Map and document web applications for which you don't have direct access;
- Develop and deploy customized exploits that can bypass common defenses;
- Develop and deploy mitigations to protect your applications against hackers;
- Integrate secure coding best practices into your development lifecycle;
- Get practical tips to help you improve the overall security of your web applications. 
Book Description
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.
- Explore common vulnerabilities plaguing today's web applications;
- Learn essential hacking techniques attackers use to exploit applications;
- Map and document web applications for which you don't have direct access;
- Develop and deploy customized exploits that can bypass common defenses;
- Develop and deploy mitigations to protect your applications against hackers;
- Integrate secure coding best practices into your development lifecycle;
- Get practical tips to help you improve the overall security of your web applications.
This open access book is Complimented by Nginx. You can download Web Application Security ebook for free in PDF format (5.2 MB).
Table of Contents
Chapter 1
The History of Software Security
Chapter 2
Introduction to Web Application Reconnaissance
Chapter 3
The Structure of a Modern Web Application
Chapter 4
Finding Subdomains
Chapter 5
API Analysis
Chapter 6
Identifying Third-Party Dependencies
Chapter 7
Identifying Weak Points in Application Architecture
Chapter 8
Part I Summary
Chapter 9
Introduction to Hacking Web Applications
Chapter 10
Cross-Site Scripting (XSS)
Chapter 11
Cross-Site Request Forgery (CSRF)
Chapter 12
XML External Entity (XXE)
Chapter 13
Injection
Chapter 14
Denial of Service (DoS)
Chapter 15
Exploiting Third-Party Dependencies
Chapter 16
Part II Summary
Chapter 17
Securing Modern Web Applications
Chapter 18
Secure Application Architecture
Chapter 19
Reviewing Code for Security
Chapter 20
Vulnerability Discovery
Chapter 21
Vulnerability Management
Chapter 22
Defending Against XSS Attacks
Chapter 23
Defending Against CSRF Attacks
Chapter 24
Defending Against XXE
Chapter 25
Defending Against Injection
Chapter 26
Defending Against DoS
Chapter 27
Securing Third-Party Dependencies
Chapter 28
Part III Summary
Chapter 29
Conclusion
Book Details
Title
Web Application Security
Subject
Computer Science
Publisher
O'Reilly Media
Published
2020
Pages
331
Edition
1
Language
English
ISBN13 Digital
9781492053118
ISBN10 Digital
1492053112
PDF Size
5.2 MB
License
Compliments of Nginx
Related Books
In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step...
This guide is a practical introduction to web application development with Spring Boot and Vaadin.
It covers the entire development process, from setup to deployment, following a step-by-step approach. You can replicate each section at your own pace as you follow along.
The content is suitable for anyone familiar with Java who wants to build ...
The audience for this guide is mainly developers, development leads, and architects who are interested in building modern web applications using Microsoft technologies and services in the cloud.
A secondary audience is technical decision makers who are already familiar ASP.NET or Azure and are looking for information on whether it makes sense to...
Security in software development should be a first-order requirement, but it's often implemented in projects as an afterthought. With Application Security in .NET Succinctly, author Stan Drapkin provides a refresher of .NET security practices and fills common knowledge gaps for experienced developers and novices alike. Learn about hashes, mach...
Read the tips and tricks recommended by some of the smartest minds in the ASP.NET community.
25 tips from the ASP.NET community for boosting performance in your web applications; Learn the secrets of your fellow developers and read advice from MVPs and other experts; Covers async/await, Web API, ORMs, interactions between your code and your data...
The book teaches you how to write web applications in Go without using a framework. It is possible to write a webapp without using any framework in Go. Each new concept will be explained via a valid code example. The book is based of a todo list manager I wrote in Go, and at any point in time, you can check the source code of the todo list manager....