Web Application Security, A Beginner's Guide

Web Application Security, A Beginner's Guide

by Bryan Sullivan, Vincent Liu
Released December 2011
Publisher(s): McGraw-Hill
ISBN: 9780071776127

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Security Smarts for the Self-Guided IT Professional

“Get to know the hackers—or plan on getting hacked. Sullivan and Liu have created a savvy, essentials-based approach to web app security packed with immediately applicable tools for any information security practitioner sharpening his or her tools or just starting out.” —Ryan McGeehan, Security Manager, Facebook, Inc.

Secure web applications from today's most devious hackers. Web Application Security: A Beginner's Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks.

This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry. You'll also get best practices for vulnerability detection and secure development, as well as a chapter that covers essential security fundamentals. This book's templates, checklists, and examples are designed to help you get started right away.

Web Application Security: A Beginner's Guide features:

  • Lingo--Common security terms defined so that you're in the know on the job
  • IMHO--Frank and relevant opinions based on the authors' years of industry experience
  • Budget Note--Tips for getting security technologies and processes into your organization's budget
  • In Actual Practice--Exceptions to the rules of security explained in real-world contexts
  • Your Plan--Customizable checklists you can use on the job now
  • Into Action--Tips on how, why, and when to apply new skills and techniques at work

Table of contents

  1. Title Page
  2. Copyright Page
  3. Dedication
  4. About the Authors
  5. Contents at a Glance
  6. Contents
  7. Acknowledgments
  8. Introduction
  9. PART I Primer
    1. CHAPTER 1 Welcome to the Wide World of Web Application Security
      1. Misplaced Priorities and the Need for a New Focus
      2. Network Security versus Application Security: The Parable of the Wizard and the Magic Fruit Trees
      3. Thinking like a Defender
      4. The OWASP Top Ten List
      5. Secure Features, Not Just Security Features
      6. Final Thoughts
    2. CHAPTER 2 Security Fundamentals
      1. Input Validation
      2. Attack Surface Reduction
      3. Classifying and Prioritizing Threats
  10. PART II Web Application Security Principles
    1. CHAPTER 3 Authentication
      1. Access Control Overview
      2. Authentication Fundamentals
      3. Two-Factor and Three-Factor Authentication
      4. Web Application Authentication
      5. Securing Password-Based Authentication
      6. Secure Authentication Best Practices
    2. CHAPTER 4 Authorization
      1. Access Control Continued
      2. Session Management Fundamentals
      3. Securing Web Application Session Management
    3. CHAPTER 5 Browser Security Principles: The Same-Origin Policy
      1. Defining the Same-Origin Policy
      2. Exceptions to the Same-Origin Policy
      3. Final Thoughts on the Same-Origin Policy
    4. CHAPTER 6 Browser Security Principles: Cross-Site Scripting and Cross-Site Request Forgery
      1. Cross-Site Scripting
      2. Cross-Site Request Forgery
    5. CHAPTER 7 Database Security Principles
      1. Structured Query Language (SQL) Injection
      2. Setting Database Permissions
      3. Stored Procedure Security
      4. Insecure Direct Object References
    6. CHAPTER 8 File Security Principles
      1. Keeping Your Source Code Secret
      2. Security Through Obscurity
      3. Forceful Browsing
      4. Directory Traversal
  11. PART III Secure Development and Deployment
    1. CHAPTER 9 Secure Development Methodologies
      1. Baking Security In
      2. The Holistic Approach to Application Security
      3. Industry Standard Secure Development Methodologies and Maturity Models
  12. EPILOGUE The Wizard, the Giant, and the Magic Fruit Trees: A Happy Ending
  13. Index

Product information

  • Title: Web Application Security, A Beginner's Guide
  • Author(s): Bryan Sullivan, Vincent Liu
  • Release date: December 2011
  • Publisher(s): McGraw-Hill
  • ISBN: 9780071776127