Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Hoffman, Andrew

Product Description

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.

Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to break into web applications using the latest hacking techniques. Finally, you’ll learn how to develop mitigations for use in your own web applications to protect against hackers.

  • Explore common vulnerabilities plaguing today's web applications
  • Learn essential hacking techniques attackers use to exploit applications
  • Map and document web applications for which you don’t have direct access
  • Develop and deploy customized exploits that can bypass common defenses
  • Develop and deploy mitigations to protect your applications against hackers
  • Integrate secure coding best practices into your development lifecycle
  • Get practical tips to help you improve the overall security of your web applications

About the Author

Andrew Hoffman is a product security lead at Salesforce.com, where he is responsible for the security of multiple JavaScript, NodeJS, and OSS teams. His expertise is in deep DOM and JavaScript security vulnerabilities. He has worked with every major browser vendor, as well as with TC39 and WHATWG, the organizations responsible for the upcoming version of JavaScript and the browser DOM spec.

Prior to this role, Andrew was a software security engineer working on Locker Service, the world's first JavaScript namespace isolation library that operates from the interpreter level up. In parallel, Andrew also contributed to the upcoming JavaScript language security feature "Realms," which provides language level namespace isolation to JavaScript.
