Secure web applications from today's most devious hackers. Web Application Security: A Beginner's Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks.
This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file securityall supported by true stories from industry. You'll also get best practices for vulnerability detection and secure development, as well as a chapter that covers essential security fundamentals. This book's templates, checklists, and examples are designed to help you get started right away.
Web Application Security: A Beginner's Guide features:
- LingoCommon security terms defined so that you're in the know on the job
- IMHOFrank and relevant opinions based on the authors' years of industry experience
- Budget NoteTips for getting security technologies and processes into your organization's budget
- In Actual PracticeExceptions to the rules of security explained in real-world contexts
- Your PlanCustomizable checklists you can use on the job now
- Into ActionTips on how, why, and when to apply new skills and techniques at work
About the Author
Vincent Liu, CISSP, is a managing partner at Stach & Liu. He previously led the Attack & Penetration and Reverse Engineering teams for Honeywell's Global Security group and was an analyst at the National Security Agency. Vincent is a coauthor of Hacking Exposed: Web Applications, Third Edition and Hacking Exposed Wireless, Second Edition.
Table of ContentsPart I: Primer
Chapter 1. Welcome to the Wide World of Web Application Security
Chapter 2. Security Fundamentals
Part II: Web Application Security Principles
Chapter 3. Authentication
Chapter 4. Authorization
Chapter 5. Browser Security Principles: The Same-Origin Policy
Chapter 6. Browser Security Principles: Cross-Site Scripting and Cross-Site Request Forgery
Chapter 7. Database Security Principles
Chapter 8. File Security Principles
Part III: Secure Development and Deployment
Chapter 9. Secure Development Methodologies
Epilogue: The Wizard, the Giant, and the Magic Fruit Trees: A Happy Ending