June 2024
Intermediate
6h 49m
English
Overview
In Video Editions the narrator reads the book while the content, figures, code listings, diagrams, and text appear on the screen. Like an audiobook that you can also watch as a video.
When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks?
Trying to teach yourself about web security from the internet can feel like walking into a huge disorganized library—one where you can never find what you need, and the wrong advice might endanger your application! You need a single, all-in-one guide to securing your apps against all the attacks they can and will face. You need Grokking Web Application Security.
This brilliantly illustrated and clearly written guide delivers detailed coverage on:
- Browser security, including sandboxing, the same-origin policy, and cookie security
- Securing web servers with input validation, escaping of output, and defense in depth
- A development process that prevents security bugs
- Browser vulnerabilities, from cross-site scripting and cross-site request forgery, to clickjacking
- Network vulnerabilities, such as man-in-the-middle attacks, SSL-stripping, and DNS poisoning
- Authentication vulnerabilities, such as brute forcing of credentials with single sign-on or multi-factor authentication
- Authorization vulnerabilities, such as broken access control and session jacking
- How to use encryption in web applications
- Injection attacks, command execution attacks, and remote code execution attacks
- Malicious payloads that can be used to attack XML parsers and file upload functions
Grokking Web Application Security teaches you how to build web apps that are ready and resilient to any attack. It’s laser-focused on what the working programmer needs to know about web security. In it, you’ll find practical recommendations for both common and not-so-common vulnerabilities—everything from SQL injection to cross-site scripting inclusion attacks. You’ll learn what motivates hackers, discover the latest tools for identifying issues, and set up a development lifecycle that catches problems early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability.
About the Technology
Application security is a front-burner concern for web developers. Whether working on the UI with a frontend framework or building out the server side, it’s up to you to understand the threats and know exactly how to keep the black hats from getting the upper hand.
About the Book
Grokking Web Application Security covers everything a working developer needs to know about securing applications in the browser and on the server. The tested techniques apply to any stack and are illustrated with concrete examples plucked from author Malcolm McDonald’s extensive career. You’ll discover must-implement security principles and even learn the fascinating tools and techniques the bad guys use to crack systems.
What's Inside
- A security-first development process
- Encryption in web applications
- Supply-chain and API attacks
- What to do when a hacker gets in
About the Reader
For readers who understand basic web application design and technologies.
About the Author
Malcolm McDonald is a security engineer with 20 years of experience across investment banking, start-ups, and PayPal, and he is the creator of hacksplaining.com.
The technical editor on this book was Rajvardhan Oak.
Quotes
Dives deep into the ‘whys’ of web vulnerabilities. You’ll gain a hacker’s perspective on exploiting weaknesses, leaving you empowered to protect your work.
- Sudesh Kannan, Principal Cybersecurity and Privacy Innovation Engineer
What every web developer should know about web application security.
- Michael Piscatello, Southern New Hampshire University
Vividly illustrates security threats, alongside their solutions, to provide readers the ‘why’ and ‘how’ behind them.
- Jaehyun Yeom, Bear Robotics
I highly recommend it! Up-to-date coverage and exceptional code examples.
- Najeeb Arif, Thoughtworks
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Watch now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.