CITATION

Sullivan, Bryan and Liu, Vincent. Web Application Security, A Beginner's Guide. US: McGraw-Hill Osborne Media, 2011.

Web Application Security, A Beginner's Guide

Published: November 2011

eISBN: 9780071776127 0071776125 | ISBN: 9780071776165
  • Contents
  • Acknowledgments
  • Introduction
  • Part I: Primer
    • 1 Welcome to the Wide World of Web Application Security
      • Misplaced Priorities and the Need for a New Focus
      • Network Security versus Application Security: The Parable of the Wizard and the Magic Fruit Trees
      • Thinking like a Defender
      • The OWASP Top Ten List
      • Secure Features, Not Just Security Features
      • Final Thoughts
    • 2 Security Fundamentals
      • Input Validation
      • Attack Surface Reduction
      • Classifying and Prioritizing Threats
  • Part II: Web Application Security Principles
    • 3 Authentication
      • Access Control Overview
      • Authentication Fundamentals
      • Two-Factor and Three-Factor Authentication
      • Web Application Authentication
      • Securing Password-Based Authentication
      • Secure Authentication Best Practices
    • 4 Authorization
      • Access Control Continued
      • Session Management Fundamentals
      • Securing Web Application Session Management
    • 5 Browser Security Principles: The Same-Origin Policy
      • Defining the Same-Origin Policy
      • Exceptions to the Same-Origin Policy
      • Final Thoughts on the Same-Origin Policy
    • 6 Browser Security Principles: Cross-Site Scripting and Cross-Site Request Forgery
      • Cross-Site Scripting
      • Cross-Site Request Forgery
    • 7 Database Security Principles
      • Structured Query Language (SQL) Injection
      • Setting Database Permissions
      • Stored Procedure Security
      • Insecure Direct Object References
    • 8 File Security Principles
      • Keeping Your Source Code Secret
      • Security Through Obscurity
      • Forceful Browsing
      • Directory Traversal
  • Part III: Secure Development and Deployment
    • 9 Secure Development Methodologies
      • Baking Security In
      • The Holistic Approach to Application Security
      • Industry Standard Secure Development Methodologies and Maturity Models
  • Epilogue: The Wizard, the Giant, and the Magic Fruit Trees: A Happy Ending
  • Index