• Title: Web Application Security: Exploitation and Countermeasures for Modern Web Applications
• Author(s) Andrew Hoffman
• Publisher: O'Reilly Media; 1st edition (March 17, 2020); eBook (Free NGINX Edition)
• Permission: Free eBook Complimented by NGINX
• Hardcover/Paperback: 330 pages
• eBook:PDF (5.2 MB)
• Language: English
• ISBN-10: 1492053112
• ISBN-13: 978-1492053118
• Share This:  

Book Description

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.

It introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.

• Explore common vulnerabilities plaguing today's web applications
• Learn essential hacking techniques attackers use to exploit applications
• Map and document web applications for which you don’t have direct access
• Develop and deploy customized exploits that can bypass common defenses
• Develop and deploy mitigations to protect your applications against hackers
• Integrate secure coding best practices into your development lifecycle
• Get practical tips to help you improve the overall security of your web applications

• Andrew Hoffman is a senior product security engineer at Salesforce.com, where he is responsible for the security of multiple JavaScript, NodeJS, and OSS teams. His expertise is in deep DOM and JavaScript security vulnerabilities.

• Amazon

• Web Programming
• Computer and Information Security

• Web Application Security: Exploitation and Countermeasures (Andrew Hoffman)
• The Mirror Site (1) - PDF
• The Mirror Site (2) - PDF

• Security of Ubiquitous Computing Systems (Gildas Avoine, et al)

  It is to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework that lies along four axes: cryptographic models, cryptanalysis of building blocks, security engineering, and security assessment.

• Security Concepts (Subspacefield)

  This is a book about computer, network, technical, physical, information and cryptographic security, illustrated with interesting and entertaining examples. It is not intended to be an introductory text, although a beginner could gain something from it.

• Rational Cybersecurity for Business (Daniel Blum)

  This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience.

• Security Engineering: Building Dependable Distributed Systems

  It makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice, offers a lot of thoughts on how information can be made more secure by both technologies and strategies.

• Web Application Security Guide (Jan Schejbal)

  This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.

• Web Application Security for Dummies (Mike Shema)

  This book is a quick guide to understanding how to make your website secure. It surveys the best steps for establishing a regular program to quickly find vulnerabilities in your site with a web application scanner.

• Web Servers Succinctly (Marc Clifton)

  This book provides great insights on the benefits of building your own web server, and covers different options available for threading, work processes, session management, routing, and security.

• Demystifying Internet of Things Security (Sunil Cheruvu, et al)

  This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. It provides clarity to industry professionals and provides and overview of different security solutions.