Andrew Hoffman - Web Application Security
Here you can read online Andrew Hoffman - Web Application Security full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2020, publisher: OReilly Media, Inc., genre: Computer / Science. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:
Romance novel
Science fiction
Adventure
Detective
Science
History
Home and family
Prose
Art
Politics
Computer
Non-fiction
Religion
Business
Children
Humor
Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.
- Book:Web Application Security
- Author:
- Publisher:OReilly Media, Inc.
- Genre:
- Year:2020
- Rating:4 / 5
- Favourites:Add to favourites
- Your mark:
- 80
- 1
- 2
- 3
- 4
- 5
Web Application Security: summary, description and annotation
We offer to read an annotation, description, summary or preface (depends on what the author of the book "Web Application Security" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.
Web Application Security — read online for free the complete book (whole text) full work
Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "Web Application Security" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.
Font size:
Interval:
Bookmark:
by Andrew Hoffman
Copyright 2020 Andrew Hoffman. All rights reserved.
Printed in the United States of America.
Published by OReilly Media, Inc. , 1005 Gravenstein Highway North, Sebastopol, CA 95472.
OReilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com .
- Acquisitions Editor: Jennifer Pollock
- Development Editor: Angela Rufino
- Production Editor: Katherine Tozer
- Copyeditor: Sonia Saruba
- Proofreader: Christina Edwards, Piper Editorial
- Indexer: Judy McConnville
- Interior Designer: David Futato
- Cover Designer: Karen Montgomery
- Illustrator: Rebecca Demarest
- March 2020: First Edition
- 2020-03-03: First Release
See http://oreilly.com/catalog/errata.csp?isbn=9781492053118 for release details.
The OReilly logo is a registered trademark of OReilly Media, Inc. Web Application Security, the cover image, and related trade dress are trademarks of OReilly Media, Inc.
The views expressed in this work are those of the author, and do not represent the publishers views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
978-1-492-05311-8
[LSI]
Special thanks to the following people:
Angela Rufino and Jennifer Pollock, for walking me through the publishing process and helping throughout many stages of writing.
August Detlefsen, Ryan Flood, Chetan Karande, Allan Liska, and Tim Gallo, for providing excellent technical feedback and improvement suggestions.
Amy Adams, for supporting me unconditionally and being the best friend anyone could ever ask for.
Welcome to Web Application Security: Exploitation and Countermeasures for Modern Web Applications. In this preface, we will discuss the required foundations for successfully reading and understanding the content in this book. We will also discuss learning goals and attempt to build an archetypical reader profile so you (the reader) can understand if you will benefit from this book or not.
Consider completing this preface prior to moving on to if you dont know if this book is for you, or if you arent sure your existing skill set is ready for the technical content in the following chapters.
This is a book that will not only aid you in learning how to defend your web application against hackers, but will also walk you through the steps hackers take in order to investigate and break into a web application.
Throughout this book we will discuss many techniques that hackers are using today to break into web applications hosted by corporations, governments, and occasionally even hobbyists.
Following sufficient investigation into the previously mentioned techniques, we begin a discussion on how to secure web applications against these hackers.
In doing so you will discover brand new ways of thinking about application architecture. You will also learn how to integrate security best practices into an engineering organization. Finally, we will evaluate a number of techniques for defending against the most common and dangerous types of attacks that occur against web applications today.
After completing Web Application Security you will have the required knowledge to perform recon techniques against applications you do not have code-level access to.
You will also be able to identify threat vectors and vulnerabilities in web applications, and craft payloads designed to compromise application data, interrupt execution flow, or interfere with the intended function of a web application.
With these skills in hand, and the knowledge gained from the final section on securing web applications, you will be able to identify risky areas of a web applications codebase and understand how to write code to defend against attacks that would otherwise leave your application and its users at risk.
The content in this book ramps up progressively, so if you choose to skip ahead and find you are missing essential prerequisite information, just go back a few chapters to catch up.
Any topics that are not defined as a prerequisite in this chapter should not be presented in the book without prior explanation.
The potential audience for this book is quite broad, but the style in which the book is written and how the examples are structured should make it ideal for anyone with an intermediary-level background in software engineering.
What does an intermediary-level background in software engineering imply, you might ask? The answer to that question will differ significantly from person to person. As far as any highly technical person is concerned, this book might actually only require a beginner-level background in software engineering. In other words, a system administrator with prior web development and/or scripting experience (if sufficient enough) could reasonably read through this book and understand all of the examples. That being said, this book includes examples that require both client and server coding knowledge. Knowing one or the other is not be sufficient for a deep understanding of these examples.
This book also includes discussions regarding basic client/server networking over HTTP. Additionally, conversations regarding software architecture pop up in later chapters as we explore ways of integrating in-house software with third-party software while mitigating security risks.
Because so many topics are covered in this book, I have chosen to define the required skill level to successfully complete this book as intermediate versus beginner because this book would not be appropriate for those without any experience or knowledge of writing production-quality software applications.
In this book, an intermediary-level background in software engineering implies the following:
You can write basic CRUD (create, read, update, delete) programs in at least one programming language.
You can write code that runs on a server somewhere (such as backend code).
You can write at least some code that runs in a browser (frontend code, usually JavaScript).
You know what HTTP is, and can make, or at least read, GET/POST calls over HTTP in some language or framework.
You can write, or at least read and understand, applications that make use of both server-side and client-side code, and communicate between the two over HTTP.
You are familiar with at least one popular database (MySql, MongoDB, etc.).
Font size:
Interval:
Bookmark:
Similar books «Web Application Security»
Look at similar books to Web Application Security. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.
Discussion, reviews of the book Web Application Security and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.