Web Application Security
Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.
- Explore common vulnerabilities plaguing today's web applications;
- Learn essential hacking techniques attackers use to exploit applications;
- Map and document web applications for which you don't have direct access;
- Develop and deploy customized exploits that can bypass common defenses;
- Develop and deploy mitigations to protect your applications against hackers;
- Integrate secure coding best practices into your development lifecycle;
- Get practical tips to help you improve the overall security of your web applications.
Table of contents
- The History of Software Security
- Introduction to Web Application Reconnaissance
- The Structure of a Modern Web Application
- Finding Subdomains
- API Analysis
- Identifying Third-Party Dependencies
- Identifying Weak Points in Application Architecture
- Part I Summary
- Introduction to Hacking Web Applications
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- XML External Entity (XXE)
- Injection
- Denial of Service (DoS)
- Exploiting Third-Party Dependencies
- Part II Summary
- Securing Modern Web Applications
- Secure Application Architecture
- Reviewing Code for Security
- Vulnerability Discovery
- Vulnerability Management
- Defending Against XSS Attacks
- Defending Against CSRF Attacks
- Defending Against XXE
- Defending Against Injection
- Defending Against DoS
- Securing Third-Party Dependencies
- Part III Summary
- Conclusion
| Pages : | 331 |
| Size : | 5.2 MB |
| File type : | |
| Downloads: | 260 |
| Created: | 2022-02-03 |
| License: | Open Publication License |
| Author(s): | Andrew Hoffman |
Warning: Trying to access array offset on false in /home/tutovnfz/public_html/article.php on line 233
Others related eBooks about Web Application Security
The Web as HistoryDownload free course The Web as History, pdf file on 298 pages by Niels Brügger, Ralph Schroeder....
JavaScript RegExpThe book heavily leans on examples to present features of regular expressions one by one. ..., download free JavaScript tutorial in PDF (59 pages) created by ....
Essential HTMLThis book written to provide clear and concise explanation of topics for programmers both starting to learn the HTML markup language as well as those diving in more complex topics. Most examples are linked to online playground that allows you to change the code and re-run it....
PHP Notes for ProfessionalsDownload free course PHP Notes for Professionals, pdf file on 480 pages by Stack Overflow Community....
Functional-Light JavaScriptThis book is a balanced, pragmatic exploration of Functional Programming in JavaScript. Functional Programming (FP) is an incredibly powerful paradigm for structuring code that yields more robust, verifiable, and readable programs. ...
Learning jQueryDownload free course Learning jQuery, pdf file on 88 pages by Stack Overflow Community....
Download free PHP courseWith this PDF tutorial you will learn the basics of PHP ,understand the working model of PHP to begin coding your own projects and scripts.Free courses under 95 pages designated to beginners....
PHP Notes for ProfessionalsPHP is a server-side scripting language that is widely used for web development. With this book, you will get a deep understanding of the advanced programming concepts in PHP and how to apply it practically....
Download ASP.NET tutorial in PDFDownload free ASP.NET tutorial course in PDF, training file in 31 chapters and 97 pages. Free unaffiliated ebook created from Stack OverFlow contributor....
HTML5 Notes for ProfessionalsDownload free course HTML5 Notes for Professionals, pdf file on 124 pages by Stack Overflow Community....