
E-book: Web Application Security, A Beginner's Guide

4.07/5 (122 ratings by Goodreads)
  • Format: 384 pages
  • Series: Beginner's Guide
  • Publication date: 06-Dec-2011
  • Publisher: Osborne/McGraw-Hill
  • Language: eng
  • ISBN-13: 9780071776127
  • Format: EPUB+DRM
  • Price: 46,88 €*
  • * this is the final price, i.e., no additional discounts are applied
  • This e-book is intended for personal use only. E-books cannot be returned, and money paid for purchased e-books is not refunded.

DRM restrictions

  • Copying (copy/paste): not allowed
  • Printing: not allowed
  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you have to install free software in order to unlock and read it. To read this e-book you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (by one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (a free application developed specifically for e-books; it is not the same as Adobe Reader, which may already be installed on your computer).

    You cannot read this e-book on an Amazon Kindle.

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Security Smarts for the Self-Guided IT Professional

"Get to know the hackers, or plan on getting hacked. Sullivan and Liu have created a savvy, essentials-based approach to web app security packed with immediately applicable tools for any information security practitioner sharpening his or her tools or just starting out." Ryan McGeehan, Security Manager, Facebook, Inc.

Secure web applications from today's most devious hackers. Web Application Security: A Beginner's Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks.

This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry. You'll also get best practices for vulnerability detection and secure development, as well as a chapter that covers essential security fundamentals. This book's templates, checklists, and examples are designed to help you get started right away.

Web Application Security: A Beginner's Guide features:

  • Lingo: Common security terms defined so that you're in the know on the job
  • IMHO: Frank and relevant opinions based on the authors' years of industry experience
  • Budget Note: Tips for getting security technologies and processes into your organization's budget
  • In Actual Practice: Exceptions to the rules of security explained in real-world contexts
  • Your Plan: Customizable checklists you can use on the job now
  • Into Action: Tips on how, why, and when to apply new skills and techniques at work
Table of Contents

Acknowledgments  xiii
Introduction  xv

Part I  Primer

1  Welcome to the Wide World of Web Application Security  3
  Misplaced Priorities and the Need for a New Focus  4
  Network Security versus Application Security: The Parable of the Wizard and the Magic Fruit Trees  6
    Real-World Parallels  7
  Thinking like a Defender  9
  The OWASP Top Ten List  11
    1. Injection  13
    2. Cross-Site Scripting (XSS)  13
    3. Broken Authentication and Session Management  14
    4. Insecure Direct Object References  15
    5. Cross-Site Request Forgery  15
    6. Security Misconfiguration  16
    7. Insecure Cryptographic Storage  16
    8. Failure to Restrict URL Access  17
    9. Insufficient Transport Layer Protection  18
    10. Unvalidated Redirects and Forwards  19
    Wrapping Up the OWASP Top Ten  19
  Secure Features, Not Just Security Features  20
  Final Thoughts  21

2  Security Fundamentals  23
  Input Validation  24
    Blacklist Validation  25
    Whitelist Validation  27
    More Validation Practices  30
    The Defense-in-Depth Approach  31
  Attack Surface Reduction  32
    Attack Surface Reduction Rules of Thumb  34
  Classifying and Prioritizing Threats  35
    STRIDE  36
    IIMF  38
    CIA  39
    Common Weakness Enumeration (CWE)  41
    DREAD  42
    Common Vulnerability Scoring System (CVSS)  44

Part II  Web Application Security Principles

3  Authentication  53
  Access Control Overview  54
  Authentication Fundamentals  56
    Proving Your Identity  57
  Two-Factor and Three-Factor Authentication  60
  Web Application Authentication  61
    Password-Based Authentication Systems  61
    Built-In HTTP Authentication  61
    Single Sign-On Authentication  64
    Custom Authentication Systems  67
    Validating Credentials  69
  Securing Password-Based Authentication  70
    Attacks Against Passwords  70
    The Importance of Password Complexity  74
    Password Best Practices  76
  Secure Authentication Best Practices  80
    When and Where to Perform Authentication  80
    Securing Web Authentication Mechanisms  84

4  Authorization  91
  Access Control Continued  92
    Authorization  93
    Session Management  93
    Authorization Fundamentals  94
    Authorization Goals  96
    Detailed Authorization Check Process  96
    Types of Permissions  102
    Authorization Layers  103
    Controls by Layer  108
    Custom Authorization Mechanisms  116
    Client-Side Attack  120
    TOCTTOU Exploit  121
    Web Authorization Best Practices  123
    Attacks Against Authorization  127
  Session Management Fundamentals  130
    What's a Session?  130
    How to Manage Session State?  133
    Why Do We Need Session Management?  134
    Attacks Against Sessions  135
    SSL and HTTPS  136
    Jetty: Session Predictability in the Real World  138
  Attacks Against Session State  140
  Securing Web Application Session Management  140
    Session Management Best Practices  141

5  Browser Security Principles: The Same-Origin Policy  149
  Defining the Same-Origin Policy  150
    An Important Distinction: Client-Side vs. Server-Side  152
    A World Without the Same-Origin Policy  154
  Exceptions to the Same-Origin Policy  155
    HTML script Element  155
    JSON and JSONP  156
    iframes and JavaScript document.domain  158
    Adobe Flash Player Cross-Domain Policy File  161
    Microsoft Silverlight  164
    XMLHttpRequest (Ajax) and Cross-Origin Resource Sharing  164
    XDomainRequest  166
  Final Thoughts on the Same-Origin Policy  166

6  Browser Security Principles: Cross-Site Scripting and Cross-Site Request Forgery  169
  Cross-Site Scripting  170
    Cross-Site Scripting Explained  171
    Reflected XSS  177
    POST-Based Reflected XSS  180
    Stored XSS  182
    Local XSS  184
    Another Variation: HTML Injection  186
    XSS Defense: Encoding Output  188
    XSS Defense: Sanitizing Input  191
    XSS Defense: Using a Reduced Markup Language  193
    XSS Defense-in-Depth: HttpOnly  194
    XSS Defense-in-Depth: Content Security Policy (CSP)  196
    Final Thoughts on Cross-Site Scripting  197
  Cross-Site Request Forgery  197
    Cross-Site Request Forgery Explained  199
    HTTP GET and the Concept of Safe Methods  201
    Ineffective CSRF Defense: Relying on POST  202
    Ineffective CSRF Defense: Checking the Referer Header  202
    Ineffective CSRF Defense: URL Rewriting  204
    Better CSRF Defense: Shared Secrets  205
    Better CSRF Defense: Double-Submitted Cookies  206
    Prevent XSS  207
    Reauthentication  208
    What Being "Logged In" Means  208
    Final Thoughts on Cross-Site Request Forgery  210

7  Database Security Principles  213
  Structured Query Language (SQL) Injection  215
    SQL Injection Effects and Confidentiality-Integrity-Availability  217
    The Dangers of Detailed Errors  223
    Blind SQL Injection: No Errors Required  227
    Solving the Problem: Validating Input  230
    Regular Expressions  232
    Solving the Problem: Escaping Input  233
  Setting Database Permissions  238
    Single Account Security  238
    Separate Accounts for Separate Roles  240
  Stored Procedure Security  242
    The Stored-Procedures-Only Approach: Reducing Permissions Even Further  243
    SQL Injection in Stored Procedures  244
  Insecure Direct Object References  246
    No Technical Knowledge Required  246
    Insecure Direct Object References and Confidentiality-Integrity-Availability  248
    Solving the Problem: Pre- or Post-Request Authorization Checks  249
    Final Thoughts on Insecure Direct Object References  251

8  File Security Principles  253
  Keeping Your Source Code Secret  254
    Static Content and Dynamic Content  256
    Revealing Source Code  258
    Interpreted versus Compiled Code  259
    Backup File Leaks  260
    Include-File Leaks  264
    Keep Secrets Out of Static Files  265
    Exposing Sensitive Functionality  268
  Security Through Obscurity  271
  Forceful Browsing  271
    Forceful Browsing and Insecure Direct Object References  272
    Directory Enumeration  273
    Redirect Workflow Manipulation  276
  Directory Traversal  278
    /etc/passwd  279
    More Directory Traversal Vulnerabilities  280
  Canonicalization  282

Part III  Secure Development and Deployment

9  Secure Development Methodologies  287
  Baking Security In  288
    The Earlier, the Better  288
    The Penetrate-and-Patch Approach  291
  The Holistic Approach to Application Security  293
    Training  294
    Threat Modeling  296
    Secure Coding Libraries  301
    Code Review  303
    Security Testing  306
    Security Incident Response Planning  309
  Industry Standard Secure Development Methodologies and Maturity Models  311
    The Microsoft Security Development Lifecycle (SDL)  311
    OWASP Comprehensive Lightweight Application Security Process (CLASP)  312
    The Software Assurance Maturity Model (SAMM)  314
    The Building Security In Maturity Model (BSIMM)  315
  Conclusions on Secure Development Methodologies and Maturity Models  316

Epilogue  The Wizard, the Giant, and the Magic Fruit Trees: A Happy Ending  319
Index  321