When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks?
Trying to teach yourself about web security from the internet can feel like walking into a huge disorganized library—one where you can never find what you need, and the wrong advice might endanger your application! You need a single, all-in-one guide to securing your apps against all the attacks they can and will face. You need Grokking Web Application Security.
This brilliantly illustrated and clearly written guide delivers detailed coverage on:
- Browser security, including sandboxing, the same-origin policy, and cookie security
- Securing web servers with input validation, escaping of output, and defense in depth
- A development process that prevents security bugs
- Browser vulnerabilities, from cross-site scripting and cross-site request forgery, to clickjacking
- Network vulnerabilities, such as man-in-the-middle attacks, SSL-stripping, and DNS poisoning
- Authentication vulnerabilities, such as brute forcing of credentials with single sign-on or multi-factor authentication
- Authorization vulnerabilities, such as broken access control and session jacking
- How to use encryption in web applications
- Injection attacks, command execution attacks, and remote code execution attacks
- Malicious payloads that can be used to attack XML parsers and file upload functions
Grokking Web Application Security teaches you how to build web apps that are ready and resilient to any attack. It’s laser-focused on what the working programmer needs to know about web security. In it, you’ll find practical recommendations for both common and not-so-common vulnerabilities—everything from SQL injection to cross-site scripting inclusion attacks. You’ll learn what motivates hackers, discover the latest tools for identifying issues, and set up a development lifecycle that catches problems early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability.
Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.
About the technology
Application security is a front-burner concern for web developers. Whether working on the UI with a frontend framework or building out the server side, it’s up to you to understand the threats and know exactly how to keep the black hats from getting the upper hand.
About the book
Grokking Web Application Security covers everything a working developer needs to know about securing applications in the browser and on the server. The tested techniques apply to any stack and are illustrated with concrete examples plucked from author Malcolm McDonald’s extensive career. You’ll discover must-implement security principles and even learn the fascinating tools and techniques the bad guys use to crack systems.
What's inside
- A security-first development process
- Encryption in web applications
- Supply-chain and API attacks
- What to do when a hacker gets in
About the Author
Malcolm McDonald is the creator of hacksplaining.com, a comprehensive and interactive security training solution that helps working web developers brush up on their security knowledge. He is a security engineer with 20 years of experience across investment banking, start-ups, and PayPal. He has personally trained thousands of developers in web security over his career.
Table of Contents
PART 1
1 Know your enemy
2 Browser security
3 Encryption
4 Web server security
5 Security as a process
PART 2
6 Browser vulnerabilities
7 Network vulnerabilities
8 Authentication vulnerabilities
9 Session vulnerabilities
10 Authorization vulnerabilities
11 Payload vulnerabilities
12 Injection vulnerabilities
13 Vulnerabilities in third-party code
14 Being an unwitting accomplice
15 What to do when you get hackeded
Ebook License
End-User Warranty And License Agreement
1. Grant Of License
Manning Has Authorized The Download By You Of An Unrestricted Number Of Copies Of The Electronic Book (Ebook) In Any Of The Available Formats. Manning Grants You A Nonexclusive, Nontransferable License To Use The Ebook According To The Terms And Conditions Herein. This License Agreement Permits You To Install The Ebook On Any And All Your Devices For Your Personal Use Only.
2. Restrictions
You Shall Not: (1) Share, Resell, Rent, Assign, Timeshare, Distribute, Or Transfer All Or Part Of The Ebook Or Any Rights Granted Hereunder To Any Other Person; (2) Duplicate The Ebook, Except For A Single Backup Or Archival Copy; (3) Remove Any Proprietary Notices, Labels, Or Marks From The Ebook; (4) Transfer Or Sublicense Title To The Ebook To Any Other Party.
3. Intellectual Property Protection
The Ebook Is Owned By Manning And Is Protected By United States And International Copyright And Other Intellectual Property Laws. Manning Reserves All Rights In The Ebook Not Expressly Granted Herein. This License And Your Right To Use The Ebook Terminate Automatically If You Violate Any Part Of This Agreement. In The Event Of Termination, You Must Remove The Original And Any Copies Of The Ebook From All Your Devices.
4. Source Code Supplementary Material
Any Source Code Files Provided As A Supplement To The Book Are Freely Available To The Public For Download. Reuse Of The Code Is Permitted, In Whole Or In Part, Including The Creation Of Derivative Works, Provided That You Acknowledge That You Are Using It And Identify The Source: Title, Publisher And Year.
5. Limited Warranty
Manning Warrants That The Ebook Files, A Copy Of Which You Are Authorized To Download, Are Free From Defects In The Operational Sense That They Can Be Read By A Pdf Reader Or Epub Reader, Or Other. Except For This Express Limited Warranty, Manning Makes And You Receive No Warranties, Express, Implied, Statutory Or In Any Communication With You, And Manning Specifically Disclaims Any Other Warranty Including The Implied Warranty Of Merchantability Or Fitness Or A Particular Purpose. Manning Does Not Warrant That The Operation Of The Ebook Will Be Uninterrupted Or Error Free. If The Ebook Was Purchased In The United States, The Above Exclusions May Not Apply To You As Some States Do Not Allow The Exclusion Of Implied Warranties. In Addition To The Above Warranty Rights, You May Also Have Other Rights That Vary From State To State.
6. Limitation Of Liability
In No Event Will Manning Be Liable For Any Damages, Whether Arising For Tort Or Contract, Including Loss Of Data, Lost Profits, Or Other Special, Incidental, Consequential, Or Indirect Damages Arising Out Of The Use Or Inability To Use The Ebook.
7. General
This Agreement Constitutes The Entire Agreement Between You And Manning And Supersedes Any Prior Agreement Concerning The Ebook. This Agreement Is Governed By The Laws Of The State Of New York
