Web application security: exploitation and countermeasures for modern web applications

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking, until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply. Andrew Hoffman, a...

Bibliographic Details
Main Author: Hoffman, Andrew
Format: eBook
Language: English
Published: [Place of publication not identified] O'Reilly Media, Inc 2020
Collection: O'Reilly - Collection details see MPG.ReNa
Table of Contents:
  • The history of software security
  • Part I. Recon. Introduction to web application reconnaissance
  • The structure of a modern web application
  • Finding subdomains
  • API analysis
  • Identifying third-party dependencies
  • Identifying weak points in application architecture
  • Part II. Offense. Introduction to hacking web applications
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • XML external entity (XXE)
  • Injection
  • Denial of service (DoS)
  • Exploiting third-party dependencies
  • Part III. Defense. Securing modern web applications
  • Secure application architecture
  • Reviewing code for security
  • Vulnerability discovery
  • Vulnerability management
  • Defending against XSS attacks
  • Defending against CSRF attacks
  • Defending against XXE
  • Defending against injection
  • Defending against DoS
  • Securing third-party dependencies