Web Security for Developers: Real Threats, Practical Defense

No Starch Press, June 19, 2020 - 216 pages
Website security made easy. This book covers the most common ways websites get hacked and how web developers can defend themselves.

The world has changed. Today, every time you make a site live, you're opening it up to attack.

A first-time developer can easily be discouraged by the difficulties involved with properly securing a website. But have hope: an army of security researchers is out there discovering, documenting, and fixing security flaws. Thankfully, the tools you'll need to secure your site are freely available and generally easy to use.

Web Security for Developers will teach you how your websites are vulnerable to attack and how to protect them. Each chapter breaks down a major security vulnerability and explores a real-world attack, coupled with plenty of code to show you both the vulnerability and the fix.

You'll learn how to:
  • Protect against SQL injection attacks, malicious JavaScript, and cross-site request forgery
  • Add authentication and shape access control to protect accounts
  • Lock down user accounts to prevent attacks that rely on guessing passwords, stealing sessions, or escalating privileges
  • Implement encryption
  • Manage vulnerabilities in legacy code
  • Prevent information leaks that disclose vulnerabilities
  • Mitigate advanced attacks like malvertising and denial-of-service


As you get stronger at identifying and fixing vulnerabilities, you'll learn to deploy disciplined, secure code and become a better programmer along the way.

    Table of Contents

    Let's Hack a Website ........ 1
    How to Hack a Website ........ 3
    THE BASICS ........ 5
    How the Internet Works ........ 7
    Application Layer Protocols ........ 9
    How Browsers Work ........ 15
    Everything Else the Browser Does ........ 20
    How Web Servers Work ........ 23
    Dynamic Resources ........ 26
    How Programmers Work ........ 35
    The Release Process ........ 40
    THE THREATS ........ 47
    Injection Attacks ........ 49
    Command Injection ........ 50
    Remote Code Execution ........ 56
    Summary ........ 63
    Cross-Site Scripting Attacks ........ 65
    Reflected Cross-Site Scripting Attacks ........ 70
    Cross-Site Request Forgery Attacks ........ 75
    Anatomy of a CSRF Attack ........ 76
    Compromising Authentication ........ 81
    Implementing Authentication ........ 82
    Summary ........ 92
    Session Hijacking ........ 93
    How Sessions Work ........ 94
    Permissions ........ 103
    Summary ........ 111
    Information Leaks ........ 113
    Encryption ........ 117
    Attacking HTTP and HTTPS ........ 127
    Third-Party Code ........ 131
    XML Attacks ........ 145
    Other Considerations ........ 152
    Don't Be an Accessory ........ 153
    Server-Side Request Forgery ........ 159
    Denial-of-Service Attacks ........ 163
    Summary ........ 168
    Summing Up ........ 169
    Index ........ 173
    Copyright


    About the author (2020)

    Malcolm McDonald has been programming for over 20 years. McDonald is the creator of www.hacksplaining.com, an online training program for web developers.
