Parametry
- 320 stránek
- 12 hodin čtení
Více o knize
"Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure.
Nákup knihy
The Tangled Web, Michal Zalewski
- Jazyk
- Rok vydání
- 2011
- product-detail.submit-box.info.binding
- (měkká),
- Stav knihy
- Poškozená
- Cena
- 180 Kč
Doručení
Platební metody
Nikdo zatím neohodnotil.
- Titul
- The Tangled Web
- Podtitul
- A Guide to Securing Modern Web Applications
- Jazyk
- anglicky
- Autoři
- Michal Zalewski
- Vydavatel
- No Starch Press
- Rok vydání
- 2011
- Vazba
- měkká
- Počet stran
- 320
- ISBN10
- 1593273886
- ISBN13
- 9781593273880
- Série
- Štítky
- Naučná literatura, Byznys, Technologie & Průmysl, Právní tématika, Příručky a návody, Počítače & Internet, Technologie, Finance, Špionáž, Kriminalistika, Zaměstnání, Strojírenství, Internet, Dozor, sledování, Hackeři, Linux, Brouci a broučci, Počítačové sítě, Soukromí, Hacking, Darkweb
- Anotace
- "Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure.