Web Application Security

Book Description

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both defensive and offensive security concepts that software engineers can easily learn and apply.

Andrew Hoffman, a product security lead at Salesforce.com, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to apply countermeasures to your own applications in order to prevent or mitigate risk from hackers.

Ideal as a reference guide or educational text, this book helps you:

  • Explore common vulnerabilities that plague today's web applications
  • Learn essential hacking techniques that attackers use for exploiting applications
  • Map and document web applications for which you do not have direct access
  • Hack your application by applying the OWASP 10 exploits and other attacks
  • Learn how to code your application to protect against the attacks you’ve identified
  • Get practical tips to help you improve the overall security of your web products
  • Develop and deploy your own customized exploits that can bypass many defenses