3 Security layer 1: protecting web applications
This chapter covers
- Automating the security testing of an application in CI
- Identifying and protecting against common web app attacks
- Authentication techniques for websites
- Keeping web apps and their dependencies up to date
In chapter 2, we deployed the invoicer, a small web application (web app) that manages invoices. We ignored security completely to focus on building a DevOps pipeline. In this chapter, we’ll go back to the invoicer application and focus on securing it. Our interest here is in the application itself, as we’ll cover the security of the infrastructure and the CI/CD pipeline in later chapters.
Web application security (WebAppSec) is its own specialty within the field of information ...
Get Securing DevOps now with the O’Reilly learning platform.