book

Web Application Security

Name: Web Application Security
Author: Andrew Hoffman
ISBN: 9781492053118

by Andrew Hoffman

March 2020

Intermediate to advanced

327 pages

8h 1m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Prerequisite Knowledge and Learning GoalsSuggested BackgroundMinimum Required SkillsWho Benefits Most from Reading This Book?Software Engineers and Web Application DevelopersGeneral Learning GoalsSecurity Engineers, Pen Testers, and Bug Bounty HuntersHow Is This Book Organized?ReconOffenseDefenseLanguage and TerminologySummaryConventions Used in This BookO’Reilly Online LearningHow to Contact Us
1. The History of Software Security
The Origins of HackingThe Enigma Machine, Circa 1930Automated Enigma Code Cracking, Circa 1940Introducing the “Bombe”Telephone “Phreaking,” Circa 1950Anti-Phreaking Technology, Circa 1960The Origins of Computer Hacking, Circa 1980The Rise of the World Wide Web, Circa 2000Hackers in the Modern Era, Circa 2015+Summary
I. Recon
2. Introduction to Web Application Reconnaissance
Information GatheringWeb Application MappingSummary
3. The Structure of a Modern Web Application
Modern Versus Legacy Web ApplicationsREST APIsJavaScript Object NotationJavaScriptVariables and ScopeFunctionsContextPrototypal InheritanceAsynchronyBrowser DOMSPA FrameworksAuthentication and Authorization SystemsAuthenticationAuthorizationWeb ServersServer-Side DatabasesClient-Side Data StoresSummary
4. Finding Subdomains
Multiple Applications per DomainThe Browser’s Built-In Network Analysis ToolsTaking Advantage of Public RecordsSearch Engine CachesAccidental ArchivesSocial SnapshotsZone Transfer AttacksBrute Forcing SubdomainsDictionary AttacksSummary
5. API Analysis
Endpoint DiscoveryAuthentication MechanismsEndpoint ShapesCommon ShapesApplication-Specific ShapesSummary
6. Identifying Third-Party Dependencies
Detecting Client-Side FrameworksDetecting SPA FrameworksDetecting JavaScript LibrariesDetecting CSS LibrariesDetecting Server-Side FrameworksHeader DetectionDefault Error Messages and 404 PagesDatabase DetectionSummary
7. Identifying Weak Points in Application Architecture
Secure Versus Insecure Architecture SignalsMultiple Layers of SecurityAdoption and ReinventionSummary
8. Part I Summary

II. Offense
9. Introduction to Hacking Web Applications
The Hacker’s MindsetApplied Recon
10. Cross-Site Scripting (XSS)
XSS Discovery and ExploitationStored XSSReflected XSSDOM-Based XSSMutation-Based XSSSummary
11. Cross-Site Request Forgery (CSRF)
Query Parameter TamperingAlternate GET PayloadsCSRF Against POST EndpointsSummary
12. XML External Entity (XXE)
Direct XXEIndirect XXESummary
13. Injection
SQL InjectionCode InjectionCommand InjectionSummary
14. Denial of Service (DoS)
regex DoS (ReDoS)Logical DoS VulnerabilitiesDistributed DoSSummary
15. Exploiting Third-Party Dependencies
Methods of IntegrationBranches and ForksSelf-Hosted Application IntegrationsSource Code IntegrationPackage ManagersJavaScriptJavaOther LanguagesCommon Vulnerabilities and Exposures DatabaseSummary
16. Part II Summary
III. Defense
17. Securing Modern Web Applications
Defensive Software ArchitectureComprehensive Code ReviewsVulnerability DiscoveryVulnerability AnalysisVulnerability ManagementRegression TestingMitigation StrategiesApplied Recon and Offense Techniques
18. Secure Application Architecture
Analyzing Feature RequirementsAuthentication and AuthorizationSecure Sockets Layer and Transport Layer SecuritySecure CredentialsHashing Credentials2FAPII and Financial DataSearchingSummary
19. Reviewing Code for Security
How to Start a Code ReviewArchetypical Vulnerabilities Versus Custom Logic BugsWhere to Start a Security ReviewSecure-Coding Anti-PatternsBlacklistsBoilerplate CodeTrust-By-Default Anti-PatternClient/Server SeparationSummary
20. Vulnerability Discovery
Security AutomationStatic AnalysisDynamic AnalysisVulnerability Regression TestingResponsible Disclosure ProgramsBug Bounty ProgramsThird-Party Penetration TestingSummary
21. Vulnerability Management
Reproducing VulnerabilitiesRanking Vulnerability SeverityCommon Vulnerability Scoring SystemCVSS: Base ScoringCVSS: Temporal ScoringCVSS: Environmental ScoringAdvanced Vulnerability ScoringBeyond Triage and ScoringSummary
22. Defending Against XSS Attacks
Anti-XSS Coding Best PracticesSanitizing User InputDOMParser SinkSVG SinkBlob SinkSanitizing HyperlinksHTML Entity EncodingCSSContent Security Policy for XSS PreventionScript SourceUnsafe Eval and Unsafe InlineImplementing a CSPSummary
23. Defending Against CSRF Attacks
Header VerificationCSRF TokensStateless CSRF TokensAnti-CRSF Coding Best PracticesStateless GET RequestsApplication-Wide CSRF MitigationSummary
24. Defending Against XXE
Evaluating Other Data FormatsAdvanced XXE RisksSummary
25. Defending Against Injection
Mitigating SQL InjectionDetecting SQL InjectionPrepared StatementsDatabase-Specific DefensesGeneric Injection DefensesPotential Injection TargetsPrinciple of Least AuthorityWhitelisting CommandsSummary
26. Defending Against DoS
Protecting Against Regex DoSProtecting Against Logical DoSProtecting Against DDoSDDoS MitigationSummary
27. Securing Third-Party Dependencies
Evaluating Dependency TreesModeling a Dependency TreeDependency Trees in the Real WorldAutomated EvaluationSecure Integration TechniquesSeparation of ConcernsSecure Package ManagementSummary
28. Part III Summary
The History of Software SecurityWeb Application ReconnaissanceOffenseDefense
29. Conclusion
Index

Overview

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.

Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to break into web applications using the latest hacking techniques. Finally, you’ll learn how to develop mitigations for use in your own web applications to protect against hackers.

Explore common vulnerabilities plaguing today's web applications
Learn essential hacking techniques attackers use to exploit applications
Map and document web applications for which you don’t have direct access
Develop and deploy customized exploits that can bypass common defenses
Develop and deploy mitigations to protect your applications against hackers
Integrate secure coding best practices into your development lifecycle
Get practical tips to help you improve the overall security of your web applications

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492053101Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills