Web Application Security, A Beginner's Guide
Citation: Sullivan, Bryan and Liu, Vincent. Web Application Security, A Beginner's Guide. US: McGraw-Hill Osborne Media, 2011.
Web Application Security, A Beginner's Guide
Authors: Bryan Sullivan and Vincent Liu
Published: November 2011
eISBN: 9780071776127 (0071776125) | ISBN: 9780071776165
Contents
Acknowledgments
Introduction

Part I: Primer
  1 Welcome to the Wide World of Web Application Security
    Misplaced Priorities and the Need for a New Focus
    Network Security versus Application Security: The Parable of the Wizard and the Magic Fruit Trees
    Thinking like a Defender
    The OWASP Top Ten List
    Secure Features, Not Just Security Features
    Final Thoughts
  2 Security Fundamentals
    Input Validation
    Attack Surface Reduction
    Classifying and Prioritizing Threats

Part II: Web Application Security Principles
  3 Authentication
    Access Control Overview
    Authentication Fundamentals
    Two-Factor and Three-Factor Authentication
    Web Application Authentication
    Securing Password-Based Authentication
    Secure Authentication Best Practices
  4 Authorization
    Access Control Continued
    Session Management Fundamentals
    Securing Web Application Session Management
  5 Browser Security Principles: The Same-Origin Policy
    Defining the Same-Origin Policy
    Exceptions to the Same-Origin Policy
    Final Thoughts on the Same-Origin Policy
  6 Browser Security Principles: Cross-Site Scripting and Cross-Site Request Forgery
    Cross-Site Scripting
    Cross-Site Request Forgery
  7 Database Security Principles
    Structured Query Language (SQL) Injection
    Setting Database Permissions
    Stored Procedure Security
    Insecure Direct Object References
  8 File Security Principles
    Keeping Your Source Code Secret
    Security Through Obscurity
    Forceful Browsing
    Directory Traversal

Part III: Secure Development and Deployment
  9 Secure Development Methodologies
    Baking Security In
    The Holistic Approach to Application Security
    Industry Standard Secure Development Methodologies and Maturity Models

Epilogue: The Wizard, the Giant, and the Magic Fruit Trees: A Happy Ending
Index