Companies Home Search Profile

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Download pdf

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Category

Software Engineering

Cyber Security

Cloud Computing

Author

Andrew Hoffman

Publication

OReilly Media

0 View

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lackinguntil now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.

Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. Youll learn methods for effectively researching and analyzing modern web applicationsincluding those you dont have direct access to. Youll also learn how to break into web applications using the latest hacking techniques. Finally, youll learn how to develop mitigations for use in your own web applications to protect against hackers.

Explore common vulnerabilities plaguing today\'s web applications
Learn essential hacking techniques attackers use to exploit applications
Map and document web applications for which you dont have direct access
Develop and deploy customized exploits that can bypass common defenses
Develop and deploy mitigations to protect your applications against hackers
Integrate secure coding best practices into your development lifecycle
Get practical tips to help you improve the overall security of your web applications

'

Download pdf

ISBN-10

1492053112

ISBN-13

978-1492053118

Publisher

OReilly Media

Price

31.99

File Type

PDF

Page No.

330

Andrew Hoffman

Andrew Hoffman is a senior product security engineer at Salesforce.com, where he is responsible for ...

About the Author

Andrew Hoffman is a senior product security engineer at Salesforce.com, where he is responsible for the security of multiple JavaScript, NodeJS, and OSS teams. His expertise is in deep DOM and JavaScript security vulnerabilities. He has worked with every major browser vendor, as well as with TC39 and WHATWG ? the organizations responsible for the upcoming version of JavaScript and the browser DOM spec.
Prior to this role, Andrew was a software security engineer working on Locker Service, the world's first JavaScript namespace isolation library that operates from the interpreter level up. In parallel, Andrew also contributed to the upcoming JavaScript language security feature "Realms," which provides language level namespace isolation to JavaScript.

Similar Books

Advances in Computer Science for Engineering and Manufacturing (Lecture Notes in Networks and Systems Book 463)

Advances in Computer Science for Engineering and Manufacturing (Lecture Notes in Networks and Systems Book 463)

Zhengbing Hu

Software Engineering

Fundamental Approaches to Software Engineering: 25th International Conference, FASE 2022, Held as Part of the European Joint Conferences on Theory and ... Notes in Computer Science Book 13241)

Fundamental Approaches to Software Engineering: 25th International Conference, FASE 2022, Held as Part of the European Joint Conferences on Theory and ... Notes in Computer Science Book 13241)

Einar Broch Johnsen

Software Engineering

Programming Languages and Systems: 31st European Symposium on Programming, ESOP 2022, Held as Part of the European Joint Conferences on Theory and Practice ... Notes in Computer Science Book 13240)

Programming Languages and Systems: 31st European Symposium on Programming, ESOP 2022, Held as Part of the European Joint Conferences on Theory and Practice ... Notes in Computer Science Book 13240)

Ilya Sergey

Software Engineering

Accelerator Programming Using Directives: 8th International Workshop, WACCPD 2021, Virtual Event, November 14, 2021, Proceedings (Lecture Notes in Computer Science Book 13194)

Accelerator Programming Using Directives: 8th International Workshop, WACCPD 2021, Virtual Event, November 14, 2021, Proceedings (Lecture Notes in Computer Science Book 13194)

Sridutt Bhalachandra

Software Engineering

Engineering Multi-Agent Systems: 9th International Workshop, EMAS 2021, Virtual Event, May 3–4, 2021, Revised Selected Papers (Lecture Notes in Computer Science Book 13190)

Engineering Multi-Agent Systems: 9th International Workshop, EMAS 2021, Virtual Event, May 3–4, 2021, Revised Selected Papers (Lecture Notes in Computer Science Book 13190)

Natasha Alechina

Software Engineering

Inductive Logic Programming: 30th International Conference, ILP 2021, Virtual Event, October 25–27, 2021, Proceedings (Lecture Notes in Computer Science Book 13191)

Inductive Logic Programming: 30th International Conference, ILP 2021, Virtual Event, October 25–27, 2021, Proceedings (Lecture Notes in Computer Science Book 13191)

Nikos Katzouris

Software Engineering

Dependable Software Engineering. Theories, Tools, and Applications: 7th International Symposium, SETTA 2021, Beijing, China, November 25–27, 2021, Proceedings ... Notes in Computer Science Book 13071)

Dependable Software Engineering. Theories, Tools, and Applications: 7th International Symposium, SETTA 2021, Beijing, China, November 25–27, 2021, Proceedings ... Notes in Computer Science Book 13071)

Shengchao Qin

Software Engineering

Applied and Computational Optimal Control: A Control Parametrization Approach (Springer Optimization and Its Applications Book 171)

Applied and Computational Optimal Control: A Control Parametrization Approach (Springer Optimization and Its Applications Book 171)

Kok Lay Teo

Software Engineering

Formal Methods for Software Engineering: Languages, Methods, Application Domains (Texts in Theoretical Computer Science. An EATCS Series)

Formal Methods for Software Engineering: Languages, Methods, Application Domains (Texts in Theoretical Computer Science. An EATCS Series)

Markus Roggenbach

Software Engineering

The C++ Workshop: Learn to write clean, maintainable code in C++ and advance your career in software engineering

The C++ Workshop: Learn to write clean, maintainable code in C++ and advance your career in software engineering

Dale Green

Software Engineering

Hands-On Game Development with WebAssembly: Learn WebAssembly C++ programming by building a retro space game

Hands-On Game Development with WebAssembly: Learn WebAssembly C++ programming by building a retro space game

Rick Battagline

Software Engineering

SAP Intelligent RPA for Developers: Automate business processes using SAP Intelligent RPA and learn the migration path to SAP Process Automation

SAP Intelligent RPA for Developers: Automate business processes using SAP Intelligent RPA and learn the migration path to SAP Process Automation

Vijaya Kumar Ganugula

Software Engineering

Cybersecurity Awareness (Advances in Information Security, 88)

Cybersecurity Awareness (Advances in Information Security, 88)

Jerry Andriessen

Security and Artificial Intelligence: A Crossdisciplinary Approach (Lecture Notes in Computer Science, 13049)

Security and Artificial Intelligence: A Crossdisciplinary Approach (Lecture Notes in Computer Science, 13049)

Lejla Batina

Artificial Intelligence

Artificial Intelligence for Cybersecurity (Advances in Information Security Book 54)

Artificial Intelligence for Cybersecurity (Advances in Information Security Book 54)

Mark Stamp

Artificial Intelligence

Machine Learning for Cyber Agents: Attack and Defence (Advanced Sciences and Technologies for Security Applications)

Machine Learning for Cyber Agents: Attack and Defence (Advanced Sciences and Technologies for Security Applications)

Stanislav Abaimov

Machine Learning

Cyber Security: Critical Infrastructure Protection (Computational Methods in Applied Sciences Book 56)

Cyber Security: Critical Infrastructure Protection (Computational Methods in Applied Sciences Book 56)

Martti Lehto

Law and Technology in a Global Digital Society: Autonomous Systems, Big Data, IT Security and Legal Tech

Law and Technology in a Global Digital Society: Autonomous Systems, Big Data, IT Security and Legal Tech

Georg Borges

Quantum Computing Environments

Quantum Computing Environments

Sitharama S. Iyengar

Advances in Computing, Informatics, Networking and Cybersecurity: A Book Honoring Professor Mohammad S. Obaidat’s Significant Scientific Contributions (Lecture Notes in Networks and Systems 289)

Advances in Computing, Informatics, Networking and Cybersecurity: A Book Honoring Professor Mohammad S. Obaidat’s Significant Scientific Contributions (Lecture Notes in Networks and Systems 289)

Sudip Misra

Handbook of Digital Face Manipulation and Detection: From DeepFakes to Morphing Attacks (Advances in Computer Vision and Pattern Recognition)

Handbook of Digital Face Manipulation and Detection: From DeepFakes to Morphing Attacks (Advances in Computer Vision and Pattern Recognition)

Christian Rathgeb

Viruses, Hardware and Software Trojans: Attacks and Countermeasures

Viruses, Hardware and Software Trojans: Attacks and Countermeasures

Anatoly Belous

Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

Chase Cunningham

Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, 3rd Edition

Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, 3rd Edition

Yuri Diogenes

Service-Oriented and Cloud Computing: 9th IFIP WG 6.12 European Conference, ESOCC 2022, Wittenberg, Germany, March 22–24, 2022, Proceedings (Lecture Notes in Computer Science, 13226)

Service-Oriented and Cloud Computing: 9th IFIP WG 6.12 European Conference, ESOCC 2022, Wittenberg, Germany, March 22–24, 2022, Proceedings (Lecture Notes in Computer Science, 13226)

Fabrizio Montesi

Cloud Computing

The Influence of Delay on Cloud Gaming Quality of Experience (T-Labs Series in Telecommunication Services)

The Influence of Delay on Cloud Gaming Quality of Experience (T-Labs Series in Telecommunication Services)

Saeed Shafiee Sabet

Cloud Computing

Cloud Computing: 11th EAI International Conference, CloudComp 2021, Virtual Event, December 9–10, 2021, Proceedings (Lecture Notes of the Institute for ... Telecommunications Engineering Book 430)

Cloud Computing: 11th EAI International Conference, CloudComp 2021, Virtual Event, December 9–10, 2021, Proceedings (Lecture Notes of the Institute for ... Telecommunications Engineering Book 430)

Mohammad R. Khosravi

Cloud Computing

Building Google Cloud Platform Solutions: Develop scalable applications from scratch and make them globally available in almost any language

Building Google Cloud Platform Solutions: Develop scalable applications from scratch and make them globally available in almost any language

Ted Hunter

AWS Certified Database - Specialty (DBS-C01) Certification Guide: A comprehensive guide to becoming an AWS Certified Database specialist

AWS Certified Database - Specialty (DBS-C01) Certification Guide: A comprehensive guide to becoming an AWS Certified Database specialist

Kate Gawron

AWS for Solutions Architects: Build and migrate your workload to Amazon Web Services using the cloud-native approach, 2nd Edition

AWS for Solutions Architects: Build and migrate your workload to Amazon Web Services using the cloud-native approach, 2nd Edition

Neelanjali Srivastav

Mastering Azure Security: Keeping your Microsoft Azure workloads safe, 2nd Edition

Mastering Azure Security: Keeping your Microsoft Azure workloads safe, 2nd Edition

Tom Janetscheck

Microsoft Azure

Automating Salesforce Marketing Cloud: Reap all the benefits of the SFMC platform and increase your productivity with the help of real-world examples

Automating Salesforce Marketing Cloud: Reap all the benefits of the SFMC platform and increase your productivity with the help of real-world examples

Jason Hanshaw

Data Lakehouse in Action: Architecting a modern and scalable data analytics platform

Data Lakehouse in Action: Architecting a modern and scalable data analytics platform

Pradeep Menon

Professional Cloud Architect Google Cloud Certification Guide: Build a solid foundation in Google Cloud Platform to achieve the most lucrative IT certification, 2nd Edition

Professional Cloud Architect Google Cloud Certification Guide: Build a solid foundation in Google Cloud Platform to achieve the most lucrative IT certification, 2nd Edition

Brian Gerrard

Policy Design in the Age of Digital Adoption: Explore how PolicyOps can drive Policy as Code adoption in an organization's digital transformation

Policy Design in the Age of Digital Adoption: Explore how PolicyOps can drive Policy as Code adoption in an organization's digital transformation

Ricardo Ferreira

System Administration

Cloud-Native Observability with OpenTelemetry: Learn to gain visibility into systems by combining tracing, metrics, and logging with OpenTelemetry

Cloud-Native Observability with OpenTelemetry: Learn to gain visibility into systems by combining tracing, metrics, and logging with OpenTelemetry

Alex Boten

Cloud Computing

Other Authors' Books

Other Publishing Books

Learning Domain-Driven Design: Aligning Software Architecture and Business Strategy

Learning Domain-Driven Design: Aligning Software Architecture and Business Strategy

Vlad Khononov

Software Architecture

CockroachDB: The Definitive Guide: Distributed Data at Scale

CockroachDB: The Definitive Guide: Distributed Data at Scale

Guy Harrison

SQL Server Advanced Troubleshooting and Performance Tuning: Best Practices and Techniques

SQL Server Advanced Troubleshooting and Performance Tuning: Best Practices and Techniques

Dmitri Korotkevitch

Advanced Analytics with PySpark: Patterns for Learning from Data at Scale Using Python and Spark

Advanced Analytics with PySpark: Patterns for Learning from Data at Scale Using Python and Spark

Akash Tandon

Snowflake: The Definitive Guide: Architecting, Designing, and Deploying on the Snowflake Data Cloud

Snowflake: The Definitive Guide: Architecting, Designing, and Deploying on the Snowflake Data Cloud

Joyce Avila

Cloud Computing

Python for Data Analysis: Data Wrangling with pandas, NumPy, and Jupyter

Python for Data Analysis: Data Wrangling with pandas, NumPy, and Jupyter

Wes McKinney

Python for Geospatial Data Analysis: Theory, Tools, and Practice for Location Intelligence

Python for Geospatial Data Analysis: Theory, Tools, and Practice for Location Intelligence

Bonny P McClain

Efficient Go: Data-Driven Performance Optimization

Efficient Go: Data-Driven Performance Optimization

Bartlomiej Plotka

Software Development

Foundations of Scalable Systems: Designing Distributed Architectures

Foundations of Scalable Systems: Designing Distributed Architectures

Ian Gorton

Software Development

Consul: Up and Running: Service Mesh for Any Runtime or Cloud

Consul: Up and Running: Service Mesh for Any Runtime or Cloud

Luke Kysow

Reliable Machine Learning: Applying SRE Principles to ML in Production

Reliable Machine Learning: Applying SRE Principles to ML in Production

Todd Underwood

Machine Learning

Operating OpenShift: An SRE Approach to Managing Infrastructure

Operating OpenShift: An SRE Approach to Managing Infrastructure

Manuel Dewald

Software Development

User Reviews

Log in first to post a comment

Rating

0

0

0

0

0

average 0

Total votes0