Book description
In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security.
Table of contents
- The Tangled Web
- PRAISE FOR THE TANGLED WEB
- Dedication
- Preface
- 1. Security in the World of Web Applications
- I. Anatomy of the Web
- 2. It Starts with a URL
- 3. Hypertext Transfer Protocol
- 4. Hypertext Markup Language
- 5. Cascading Style Sheets
- 6. Browser-Side Scripts
- Basic Characteristics of JavaScript
- Standard Object Hierarchy
- Script Character Encoding
- Code Inclusion Modes and Nesting Risks
- The Living Dead: Visual Basic
- 7. Non-HTML Document Types
- 8. Content Rendering with Browser Plug-ins
- II. Browser Security Features
- 9. Content Isolation Logic
- 10. Origin Inheritance
- 11. Life Outside Same-Origin Rules
- 12. Other Security Boundaries
- 13. Content Recognition Mechanisms
- 14. Dealing with Rogue Scripts
- 15. Extrinsic Site Privileges
- III. A Glimpse of Things to Come
- 18. Common Web Vulnerabilities
- A. Epilogue
- Notes
- Index
- About the Author
- UPDATES
- Copyright
Product information
- Title: The Tangled Web
- Author(s):
- Release date: November 2011
- Publisher(s): No Starch Press
- ISBN: 9781593273880