This book is dedicated to the medical professionals who have helped restore my health, who have listened to all my woes and found ways to address them. Yes, I did need to follow the advice, but they were the ones who offered it. Good health is an exceptionally grand gift.
Preface
Ransomware, viruses, distributed denial-of-service (DDoS) attacks, man-in-the-middle attacks, security breaches, and the like all bring to mind the one thing that anyone involved in managing applications hates: nightmares. It gets to the point where anyone who does anything to affect the security of an application or its associated data becomes gun shy, conservative to the point of absurdity. You don't actually want the responsibility for securing the application; it just comes with the territory.
Adding to your burden, the disastrous results of any sort of mistake could haunt you for the rest of your life. Unlike most mistakes, you likely won't sweep this one under the carpet either, because it'll appear in the trade press where everyone can see it. Even if your name doesn't become synonymous with security failure, there are always the ramifications of a security issue: legal woes, loss of job, and so on. So, how do you deal with this issue?
Hiding your head in the sand doesn't appear to provide a solution, at least not for very long. Security for Web Developers isn't intended to tell you about every threat out there or resolve every security woe you'll ever encounter. Instead, it provides you with guidelines and tools you need to resolve any security issue on your own, to be able to see a light at the end of the tunnel that doesn't have something to do with a train. What this book is really about is being able to get a good night's sleep knowing that you have what you need to get the job done right.
About This Book
Security for Web Developers provides you with the resources you need to work through web application security problems. Yes, you also see some information about platforms, because browsers run on specific platforms. In addition, you might see some of these security issues when working with desktop applications simply because the security landscape occupies both application domains. However, this book focuses on security for web applications, no matter where those applications run. You can find information on everything from the latest smartphone to an older desktop, and everything in-between. The book breaks the information into the following parts, each of which takes you another step along the path to creating a better security plan for your organization:
Nothing works well without planning. However, some of the worst disasters in the computer industry occurred due to a bad plan, rather than no planning at all. This part of the book helps you create a good security plan for your organization, one that considers all the latest user devices and user needs as part of the picture. This part of the book also discusses the need for third-party support, because let's face it: the complex security environment really does make it hard to create a secure environment alone. The materials help you locate the right sort of third-party help and ensure you actually get the value you need from it.
Creating applications today means relying on third-party code found in libraries, APIs, and microservices. This part of the book helps you consider coding issues. You won't find bits and bytes for the most part, but instead find helpful tips for incorporating these elements into your application successfully. This part of the book helps you manage your applications, rather than allowing them to manage you.
You have a number of ways to test applications and a number of means to do it. For example, you can create your own test suites or you could rely on one produced by someone else. A third party could do the testing for you. Perhaps you want to know how best to combine different strategies to ensure you have your entire application covered. This part of the book answers all your questions about modern testing strategies and details what you can do to make your efforts more efficient.
At some point, your application is in production and running smoothly. Some applications continue to run for years this way without getting the proper maintenance. Unfortunately, modern application development means performing updates regularly because the hackers are constantly creating new strategies for accessing your system. Adding to this mess are all the updates to those third-party libraries, APIs, and microservices that you use. This part of the book provides you a map through the update maze and makes it possible to keep everything running smoothly without losing your mind first.
Security threats constantly evolve, which means that you need some means to keep updated. One method is to track security threats. Of course, if you track every threat, you never get anything done. This part of the book describes techniques you can use to avoid information overflow. The second technique is to obtain additional training. In fact, your entire organization needs training of some sort to keep abreast of current security issues and techniques for dealing with them. This part of the book also discusses training requirements in a way that every organization can use, even if you're a one-person business or a recent startup.
What You Need to Know
The readers of this book could have any of a number of titles, such as web designer, frontend developer, UI designer, UX designer, interaction designer, art director, content strategist, dev ops, product manager, SEO specialist, data scientist, software engineer, or computer scientist. What you all have in common is a need to create web applications of some sort that are safe for users to interact with in a meaningful way. You're all professionals who have created web applications before. What you may really need is to brush up on your security skills given the new climate of major application intrusions through nontraditional means, such as contaminating third-party APIs and libraries.