Introduction

Web Application Defender’s Cookbook is a consolidation of tutorials called recipes. They are designed to facilitate the expedient mitigation of the most critical vulnerabilities and attack methods that cyber criminals use today. Whether you’re mitigating a denial-of-service attack on your e-commerce application, responding to a fraud incident on your banking application, or protecting users of a newly deployed social networking application, this book gives you creative solutions to these challenges. This book shows you how to be as pragmatic as possible when performing remediation. Although each recipe includes adequate background information so that you understand how the web application attack or vulnerability works, theory is kept to a minimum. The recipes’ main intent is to provide step-by-step countermeasures you can use to thwart malicious activity within your web applications.

I obtained the information in this book through years of protecting government, educational, and commercial web sites from a wide range of adversaries who used an even wider array of attack methods. Because web attack methods employ multiple levels of complexity and sophistication, so do the remediation recipes presented in this book. All the recipes, however, have a foundation in the following skill sets and topics (listed in order of relevance):

• Web application vulnerabilities and attacks
• HTTP
• Perl Compatible Regular Expressions (PCRE)
• Programming (Lua, Python, and Perl)
• Web server ...