Web Application Security is a Stack: How to CYA (Cover Your Apps) Completely by Lori MacVittie

CHAPTER 2: ATTACK SURFACE

Web application security tends to be viewed as the purview of developers. It is, after all, about the application, and thus much of the focus on protecting against attacks falls to application developers. The OWASP Top 10, for example, focuses primarily on the methods used by attackers to manipulate application data to gain system access, execute remote commands and generally extract data beyond security controls that may be in place. These attacks target the data exchanged between a client and the application, taking advantage of vulnerabilities in parsing and lax security practices in input validation.

But a web application can also be exploited in other ways. The very logic encoded in an application may be vulnerable. ...
