CHAPTER 2: ATTACK SURFACE

Web application security tends to be viewed as the purview of developers. It is, after all, about the application, and so much of the responsibility for protecting against attacks falls to application developers. The OWASP Top 10, for example, focuses primarily on the methods attackers use to manipulate application data in order to gain system access, execute remote commands, and generally extract data past whatever security controls may be in place. These attacks target the data exchanged between a client and the application, taking advantage of vulnerabilities in parsing and of lax input validation practices.

But a web application can also be exploited in other ways. The very logic encoded in an application may be vulnerable. ...
