Developer's Guide To Web Application Security

Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.

This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.

* The Yankee Group estimates the market for Web application-security products and services will grow to $1.74 billion by 2007 from $140 million in 2002
* Author Michael Cross is a highly sought after speaker who regularly delivers Web Application presentations at leading conferences including: Black Hat, TechnoSecurity, CanSec West, Shmoo Con, Information Security, RSA Conferences, and more
* The Companion Web site will have downloadable code and scripts presented in the book (http://www.elsevierdirect.com/v2/companion.jsp?ISBN=9781597490610)

Paperback: 500 pages

Publisher: Syngress; 1 edition (February 15, 2007)

Language: English

ISBN-10: 159749061X

ISBN-13: 978-1597490610

Product Dimensions: 7.1 x 1.4 x 8.9 inches

Shipping Weight: 1.4 pounds

Average Customer Review: 4.2 out of 5 stars (4 customer reviews)

Best Sellers Rank: #2,228,746 in Books
#53 in Books > Computers & Technology > Programming > Cross-platform Development
#525 in Books > Computers & Technology > Certification > CompTIA
#930 in Books > Computers & Technology > Databases & Big Data > SQL

When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications, I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both.

Each of the chapters in this book seems to follow a pattern of first defining the topic, second giving real world examples, and finally providing the reader with solutions. The book begins by providing a history of the hacking methodology and defining the various types of hacking. It was interesting to learn about some of the various hacks and hackers. For example, I had no idea Steve Jobs (Apple Computers) used to be a hacker.

In chapter two the author discusses what he calls a "Code Grinder", and how to not become or produce a code grinder. A code grinder is someone who works in a highly regulated environment where creativity is discouraged. I found it interesting that a code grinder environment typically produces more unsecure code than an environment that is open and promotes creativity.

Chapter three discusses the risks associated with mobile code. Chapter four covers vulnerable CGI scripts and introduces the reader to some tools such as Nikto and Web Hack Control Center to scan your website to find vulnerabilities. The author goes on to discuss the issues faced by the various CGI scripting languages, and then provides an outline of rules for writing secure CGI scripts.

Chapter five covers hacking techniques and tools.
