Web Security for Developers


Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. About the Authors
  5. BRIEF CONTENTS
  6. CONTENTS IN DETAIL
  7. ACKNOWLEDGMENTS
  8. INTRODUCTION
    1. About This Book
    2. Who Should Read This Book
    3. A Brief History of the Internet
    4. What’s in This Book
  9. 1 LET’S HACK A WEBSITE
    1. Software Exploits and the Dark Web
    2. How to Hack a Website
  10. Part I: The Basics
  11. 2 HOW THE INTERNET WORKS
    1. The Internet Protocol Suite
    2. Application Layer Protocols
    3. Stateful Connections
    4. Encryption
    5. Summary
  12. 3 HOW BROWSERS WORK
    1. Web Page Rendering
    2. JavaScript
    3. Before and After Rendering: Everything Else the Browser Does
    4. Summary
  13. 4 HOW WEB SERVERS WORK
    1. Static and Dynamic Resources
    2. Static Resources
    3. Dynamic Resources
    4. Summary
  14. 5 HOW PROGRAMMERS WORK
    1. Phase 1: Design and Analysis
    2. Phase 2: Writing Code
    3. Phase 3: Pre-Release Testing
    4. Phase 4: The Release Process
    5. Phase 5: Post-Release Testing and Observation
    6. Dependency Management
    7. Summary
  15. Part II: The Threats
  16. 6 INJECTION ATTACKS
    1. SQL Injection
    2. Command Injection
    3. Remote Code Execution
    4. File Upload Vulnerabilities
    5. Summary
  17. 7 CROSS-SITE SCRIPTING ATTACKS
    1. Stored Cross-Site Scripting Attacks
    2. Reflected Cross-Site Scripting Attacks
    3. DOM-Based Cross-Site Scripting Attacks
    4. Summary
  18. 8 CROSS-SITE REQUEST FORGERY ATTACKS
    1. Anatomy of a CSRF Attack
    2. Mitigation 1: Follow REST Principles
    3. Mitigation 2: Implement Anti-CSRF Cookies
    4. Mitigation 3: Use the SameSite Cookie Attribute
    5. Bonus Mitigation: Require Reauthentication for Sensitive Actions
    6. Summary
  19. 9 COMPROMISING AUTHENTICATION
    1. Implementing Authentication
    2. Mitigation 1: Use Third-Party Authentication
    3. Mitigation 2: Integrate with Single Sign-On
    4. Mitigation 3: Secure Your Own Authentication System
    5. Summary
  20. 10 SESSION HIJACKING
    1. How Sessions Work
    2. How Attackers Hijack Sessions
    3. Summary
  21. 11 PERMISSIONS
    1. Privilege Escalation
    2. Access Control
    3. Directory Traversal
    4. Summary
  22. 12 INFORMATION LEAKS
    1. Mitigation 1: Disable Telltale Server Headers
    2. Mitigation 2: Use Clean URLs
    3. Mitigation 3: Use Generic Cookie Parameters
    4. Mitigation 4: Disable Client-Side Error Reporting
    5. Mitigation 5: Minify or Obfuscate Your JavaScript Files
    6. Mitigation 6: Sanitize Your Client-Side Files
    7. Stay on Top of Security Advisories
    8. Summary
  23. 13 ENCRYPTION
    1. Encryption in the Internet Protocol
    2. Enabling HTTPS
    3. Attacking HTTP (and HTTPS)
    4. Summary
  24. 14 THIRD-PARTY CODE
    1. Securing Dependencies
    2. Securing Configuration
    3. Securing the Services That You Use
    4. Services as an Attack Vector
    5. Summary
  25. 15 XML ATTACKS
    1. The Uses of XML
    2. Validating XML
    3. XML Bombs
    4. XML External Entity Attacks
    5. Securing Your XML Parser
    6. Other Considerations
    7. Summary
  26. 16 DON’T BE AN ACCESSORY
    1. Email Fraud
    2. Disguising Malicious Links in Email
    3. Clickjacking
    4. Server-Side Request Forgery
    5. Botnets
    6. Summary
  27. 17 DENIAL-OF-SERVICE ATTACKS
    1. Denial-of-Service Attack Types
    2. Denial-of-Service Attack Mitigation
    3. Summary
  28. 18 SUMMING UP
  29. INDEX

Product information

  • Title: Web Security for Developers
  • Publisher(s): No Starch Press