Download free course Web Application Security, pdf file on 331 pages by Andrew Hoffman.
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.
Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.
- Explore common vulnerabilities plaguing today's web applications;
- Learn essential hacking techniques attackers use to exploit applications;
- Map and document web applications for which you don't have direct access;
- Develop and deploy customized exploits that can bypass common defenses;
- Develop and deploy mitigations to protect your applications against hackers;
- Integrate secure coding best practices into your development lifecycle;
- Get practical tips to help you improve the overall security of your web applications.
Table of contentsThe History of Software Security
Introduction to Web Application Reconnaissance
The Structure of a Modern Web Application
Finding Subdomains
API Analysis
Identifying Third-Party Dependencies
Identifying Weak Points in Application Architecture
Part I Summary
Introduction to Hacking Web Applications
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
XML External Entity (XXE)
Injection
Denial of Service (DoS)
Exploiting Third-Party Dependencies
Part II Summary
Securing Modern Web Applications
Secure Application Architecture
Reviewing Code for Security
Vulnerability Discovery
Vulnerability Management
Defending Against XSS Attacks
Defending Against CSRF Attacks
Defending Against XXE
Defending Against Injection
Defending Against DoS
Securing Third-Party Dependencies
Part III Summary
Conclusion
Others related eBooks about Web Application Security
MySQL tutorial for professionals
Download free MySQL tutorial course in PDF, training file in 70 chapters and 199 pages. Free unaffiliated ebook created from Stack OverFlow contributor....
You Don't Know JS Yet: Async & Performance - 2nd Edition
No matter how much experience you have with JavaScript, odds are you don't fully understand the language. As part of the "You Don't Know JS" series, this concise yet in-depth guide focuses on new asynchronous features and performance techniques - including Promises, generators, and Web Workers - t...
Building iPhone Apps with HTML, CSS, and JavaScript
It's a fact: if you know HTML, CSS, and JavaScript, you already have the tools you need to..., download free JavaScript tutorial in PDF (186 pages) created by ....
Learning Three.js: The JavaScript 3D Library for WebGL
Three.js is a JavaScript 3D library that offers a wide range of features for creating and ..., download free JavaScript tutorial in PDF (402 pages) created by ....
PrestaShop Administration Guide
Download free course to learn how to build e-commerce store with Prestashop, PDF ebook under 71 pages....
Node.js, a Developer's Guid
Download free course To Learn how to reading documents from the database with Node.js. training PDF tutorial ....
Cascading style sheets (CSS) free pdf tutorial
Download free Cascading style sheets (CSS) course material and training (PDF file 34 pages) designated to beginners....
XML and DTDs
With this tutorial you will learn how to build a Well formed XML document and a corresponding DTD file,a PDF training document under 14 pages by Jacob Cleary....
Real-time Linked Dataspaces
Download free course Real-time Linked Dataspaces, pdf file on 333 pages by Edward Curry....
Advanced javascript
...