Web Application Security: Exploitation and Countermeasures for Modern Web Applications


by: Andrew Hoffman
Print Length: 332 pages
Publisher: O’Reilly Media; 1 edition (March 24, 2020)
Language: English
ISBN-10: 1492053112
ISBN-13: 9781492053118

Book Description


While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.
Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to break into web applications using the latest hacking techniques. Finally, you’ll learn how to develop mitigations for use in your own web applications to protect against hackers.
Explore common vulnerabilities plaguing today’s web applications
Learn essential hacking techniques attackers use to exploit applications
Map and document web applications for which you don’t have direct access
Develop and deploy customized exploits that can bypass common defenses
Develop and deploy mitigations to protect your applications against hackers
Integrate secure coding best practices into your development lifecycle
Get practical tips to help you improve the overall security of your web applications
Preface
1. The History of Software Security
I. Recon
2. Introduction to Web Application Reconnaissance
3. The Structure of a Modern Web Application
4. Finding Subdomains
5. API Analysis
6. Identifying Third-Party Dependencies
7. Identifying Weak Points in Application Architecture
8. Part I Summary
II. Offense
9. Introduction to Hacking Web Applications
10. Cross-Site Scripting (XSS)
11. Cross-Site Request Forgery (CSRF)
12. XML External Entity (XXE)
13. Injection
14. Denial of Service (DoS)
15. Exploiting Third-Party Dependencies
16. Part II Summary
III. Defense
17. Securing Modern Web Applications
18. Secure Application Architecture
19. Reviewing Code for Security
20. Vulnerability Discovery
21. Vulnerability Management
22. Defending Against XSS Attacks
23. Defending Against CSRF Attacks
24. Defending Against XXE
25. Defending Against Injection
26. Defending Against DoS
27. Securing Third-Party Dependencies
28. Part III Summary
29. Conclusion
Index
