|
Developer's Guide to Web Application Security | 
 enlarge | Author: Matt Fisher
Publisher: Syngress
Category: Book
List Price: $49.95
Buy New: $31.91
You Save: $18.04 (36%)
New (33) Used (11) from $27.89
Rating:  3 reviews
Sales Rank: 760446
Format: Illustrated
Media: Paperback
Edition: 1
Pages: 504
Number Of Items: 1
Shipping Weight (lbs): 1.4
Dimensions (in): 8.7 x 7 x 1.4
ISBN: 159749061X
Dewey Decimal Number: 005.8
EAN: 9781597490610
ASIN: 159749061X
Publication Date: July 1, 2006
Availability: Usually ships in 1-2 business days
Shipping: International shipping available
Condition: Brand New, Perfect Condition, Please allow 4-14 business days for delivery. 100% Money Back Guarantee, Over 1,000,000 customers served.
| |
| Also Available In:
|
| Similar Items:
|
| Editorial Reviews:
Product Description
75% of attacks targeted against specific systems are aimed against the web application itself; not the operating system or network. While current security technologies and practices are aimed for the operating system and network, the custom developed software that runs the web application is the most exposed portion of any website, and often the most vulnerable. This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
|
| Customer Reviews:
 Just not quite the book it promises to be June 3, 2008
Jay P. Vansanten
1 out of 1 found this review helpful
More recent books on web application security are welcomed. The publication date of 2006 suggests it might fall into that category.
The focus on the programmer is also welcomed. Many security books deal with threats, but the actual practice of programming to ameliorate those threats may not be readily apparent. One would like support for a programmer "security mindset" and specific strategies to implement that.
The book is addressed to programmers and written in a fashion that is engaging. And, as a more general work to highlight the importance of security at the development stage, it's OK.
But, there's just not much depth here for it's intended topic. And, the content appears to reflect lectures presented in the 90s. There's some significant reference to C, which is not typically used in contemporary web programming. The focus tends towards the *nix world, but again a fair amount of emphasis, as I recall, on cgi, where again, PHP is more commonly used today. References in the Microsoft world are exclusively to ASP -- a technology which was superseded in 2002 by ASP.NET.
There's some appropriate programming advice here. But, it's soft rather than hard, and diffuse and general rather than focused and specific.
I would rate it 3 stars for that content if it were more appropriately titled.
 Good read for the security conscious March 17, 2007
Jason (Bozeman, MT USA)
1 out of 2 found this review helpful
When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both.
Each of the chapters in this book seem to follow a pattern of first defining the topic, second giving real world examples, and finally providing the reader with solutions. The book begins by providing a history of the hacking methodology and defining the various types of hacking. It was interesting to learn about some of the various hacks and hackers. For example, I had no idea Steve Jobs (Apple Computers) used to be a hacker.
In chapter two the author discusses what he calls a "Code Grinder", and how to not become or produce a code grinder. A code grinder is someone who works in a highly regulated environment where creativity is discouraged. I found it interesting that a code grinder environment typically produces more unsecure code then an environment that is open and promotes creativity.
Chapter three discusses the risks associated with mobile code. Chapter four covers vulnerable CGI scripts and introduces the reader to some tools such as Nikto and Web Hack Control Center to scan your website to find vulnerabilities. The author goes on to discuss the issues faced by the various CGI scripting languages, and then provides an outline of rules to writing secure CGI scripts.
Chapter five covers hacking techniques and tools. This section gets you into the mind of a hacker, what are their goals, how are those goals achieved and what tools do they use. In chapter six the topic is "Code Auditing and Reverse Engineering." This chapter I found exceptionally interesting and helpful. The author takes you through various types of vulnerabilities and with each weakness explains how it affects each of the more popular programming/scripting languages. And to take it a step further the author also provides the reader with the functions/methods for each programming/scripting language that are vulnerable to attack and then explains either how to use those functions securely or gives an alternative function/method that is more secure.
Chapters seven through ten cover securing code in specific languages; Java, XML, ActiveX, and ColdFusion. Chapter eleven discusses developing security enabled applications using such technologies as PGP, SSL, and PKI. Finally in chapter twelve the author wraps up the book by taking the reader through creating and working with a security plan.
CONCLUSION
--
I found this book to be interesting and a good read. I plan to make use of some of the tools it introduced in hardening applications I work with and develop. And as I mentioned before, the chapter on code auditing will be extremely useful to me in cleaning up existing apps and developing new ones. I liked this book and I would recommend it to anyone who is writing code.
Great Overview of a complex subject! February 20, 2007
Richard Callaby (Bradenton, Florida)
1 out of 2 found this review helpful
With the increasing number of incidents of crime that is occurring on the world wide web it behooves every programmer to become fluent in all aspects of information security. This book provides a great overview of the various methods a hacker uses to penetrate various forms of web architectures. The author's goals it seems was to cover a broad subject by touching on all important aspects of securing a website.
Throughout the book a hacker mindset is presented and how to design your website to overcome the tools and tricks of the hacker. For instance in many of the chapters the manner of attack that a hacker would use to exploit a piece of technology is covered. Overall I believe this book to be a good introduction to the field of securing websites. Since security in of itself is such a broad subject and the Internet is also a broad subject it is unfair to expect one book to cover all aspects of a complex and dynamic environment
|
|
|
SEO and Marketing TipsBETA RELEASE | |
