13 Vulnerabilities in third-party code
In this chapter
- How to protect against vulnerabilities in code written by others
- How to avoid advertising what your tech stack is built from
- How to secure your configuration
Here’s a thought that should keep you up at night: most of the code powering your web applications wasn’t written by you. How can you know it’s secure, then?
To build a modern web application is to stand on the shoulders of giants. Most of the running code that keeps the web application responding to HTTP requests will have been written by other people. This code includes the application server itself, the programming language runtime, all your dependencies and libraries, your supplementary applications (such as web servers, databases, ...