
Matthew Baker - Secure Web Application Development: A Hands-On Guide with Python and Django


Matthew Baker - Secure Web Application Development: A Hands-On Guide with Python and Django
  • Book: Secure Web Application Development: A Hands-On Guide with Python and Django
  • Author: Matthew Baker
  • Publisher: Apress
  • Genre: Computer
  • Year: 2022

Secure Web Application Development: A Hands-On Guide with Python and Django: summary, description and annotation


Cyberattacks are becoming more commonplace, and the Open Web Application Security Project (OWASP) estimates that 94% of sites have flaws in their access control alone. Attacks evolve to work around new defenses, and defenses must evolve to remain effective. Developers need to understand the fundamentals of attacks and defenses in order to comprehend new techniques as they become available. This book teaches you how to write secure web applications.
The focus is on highlighting how hackers attack applications, along with a broad arsenal of defenses. This will enable you to pick appropriate techniques to close vulnerabilities while still providing users with the functionality they need.

Topics covered include:

  • A framework for deciding what needs to be protected and how strongly
  • Configuring services such as databases and web servers
  • Safe use of HTTP methods such as GET, POST, etc., cookies, and use of HTTPS
  • Safe REST APIs
  • Server-side attacks and defenses such as injection and cross-site scripting
  • Client-side attacks and defenses such as cross-site request forgery
  • Security techniques such as CORS and CSP
  • Password management, authentication and authorization, including OAuth2
  • Best practices for dangerous operations such as password change and reset
  • Use of third-party components and supply chain security (Git, CI/CD, etc.)

What You'll Learn

  • Review the defenses that can be used to prevent attacks
  • Model risks to better understand what to defend and how
  • Choose appropriate techniques to defend against attacks
  • Implement defenses in Python/Django applications

Who This Book Is For
  • Developers who already know how to build web applications but need to know more about security
  • Non-professional software engineers, such as scientists, who must develop web tools and want to make their algorithms available to a wider audience
  • Engineers and managers who are responsible for their product/company technical security policy


Book cover of Secure Web Application Development

Matthew Baker
Secure Web Application Development
A Hands-On Guide with Python and Django

The Apress logo.

Matthew Baker
Kaisten, Aargau, Switzerland
ISBN 978-1-4842-8595-4 e-ISBN 978-1-4842-8596-1
https://doi.org/10.1007/978-1-4842-8596-1
© Matthew Baker 2022
This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Apress imprint is published by the registered company APress Media, LLC, part of Springer Nature.

The registered company address is: 1 New York Plaza, New York, NY 10004, U.S.A.

To my children Harry and Alexander, who I hope will be the next generation's innovators.

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub.

Acknowledgments

No book is a one-man show, and this book would not have gone to print without the support and encouragement of those around me.

I would like to thank my team at ETH Zurich, especially Dr. Uwe Schmitt who is a wise and rational sounding board. I would like to thank the team at Apress for their structured and professional execution and for giving me so much freedom in authoring this book.

Thanks also to my brother, Julian Baker of Flat Earth Industries, for the graphics he supplied for this book (I especially like the skull earrings on Alice the Hacker).

Finally, and most importantly, I would like to thank my friends in Switzerland, my children, and my wife, Sevda, for their encouragement and for not complaining when I disappear for hours, or days, in front of my computers.

Table of Contents
About the Author
Matthew Baker

A photo of Matthew Baker.

Matthew Baker is the Head of Scientific Software and Data Management at ETH Zurich, Switzerland's leading science and technology university. He leads a team of engineers developing custom software to support STEM research projects, as well as teaching computer science short courses. With over 25 years of experience developing software, he has worked as a developer, systems administrator, project manager, and consultant in sectors ranging from banking and insurance, through science and engineering, to military intelligence.

He can be reached at matthew.baker@id.ethz.ch.

About the Technical Reviewer
Sean Wright

A photo of Sean Wright.

Sean Wright is an experienced application security engineer with an origin as a software developer. He is primarily focused on web-based application security, with a special interest in TLS and supply chain-related subjects. He is experienced in providing technical leadership in relation to application security, as well as engaging with teams to improve the security of the systems and applications that they develop and maintain. He is passionate about being a part of the community and giving back to it. Additionally, he enjoys spending his personal time performing security-related research.
© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2022
M. Baker, Secure Web Application Development, https://doi.org/10.1007/978-1-4842-8596-1_1

1. Introduction
Matthew Baker
(1) Kaisten, Aargau, Switzerland

1.1 About This Book

In 2009, hackers obtained the user credentials of over 30 million users of the mobile game publisher RockYou. They exploited a SQL injection vulnerability to obtain the site's user table. To make matters worse, passwords were stored unencrypted, allowing the hackers to obtain the passwords without any further need to crack them.

In 2010, a developer released a Firefox extension called Firesheep that enabled eavesdroppers to obtain session IDs of Facebook and other sites logged in through the same Wi-Fi network. This enabled the eavesdropper to log in as that user without needing to enter a password.

In 2017, hackers obtained the records of over 130 million individuals from the credit bureau Equifax. The vulnerability was in a web framework Equifax was using, Apache Struts. The vulnerability had already been identified and fixed by Apache, but at the time of the hack, Equifax had not updated to the patched version.

These three examples demonstrate that even large, often reputable organizations can get hacked. In each instance, the breach was preventable. In this book, we will look at the vulnerabilities that lead to these compromises, along with many others, and, of course, how to fix them.

Web application security is an ongoing war between hackers and developers. If we, as developers, simply learn techniques to make applications more secure, without understanding the attacks fully, hackers will find other vulnerabilities to exploit. Therefore, we must understand how hackers discover and exploit vulnerabilities. We must also understand why defenses work and what attacks they do and do not prevent.

Most importantly, we must use several techniques together and choose a set of defenses that fit with the requirements of our application while at the same time making our applications secure enough to prevent or minimize attack.

In this book, we will look at the vulnerabilities hackers exploit to compromise our systems and how they discover them. We will simulate the attacks through hands-on examples. In each case, we will look at techniques to close the vulnerability or reduce its impact. Again, through hands-on examples, we will see why these approaches prevent attacks as well as the vulnerabilities they do not address. By understanding the details of these techniques, you can use them together to make your applications more secure while still giving your users a sufficient quality of service.
