Web Application Security: Exploitation and Countermeasures for Modern Web Applications

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking-until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply. Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications-including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers. Explore common vulnerabilities plaguing today's web applications.

Book contents:

  1. The History of Software Security

  2. Recon

  3. Introduction to Web Application Reconnaissance

  4. The Structure of a Modern Web Application

  5. Finding Subdomains

  6. API Analysis

  7. Identifying Third-Party Dependencies

  8. Identifying Weak Points in Application Architecture

  9. Part I Summary

  10. Introduction to Hacking Web Applications

  11. Cross-Site Scripting (XSS)

  12. Cross-Site Request Forgery (CSRF)

  13. XML External Entity (XXE)

  14. Injection

  15. Denial of Service (DoS)

  16. Exploiting Third-Party Dependencies

  17. Securing Modern Web Applications

  18. Secure Application Architecture

  19. Reviewing Code for Security

  20. Vulnerability Discovery

  21. Vulnerability Management

  22. Defending Against XSS Attacks

  23. Defending Against CSRF Attacks

  24. Defending Against XXE

  25. Defending Against Injection

  26. Defending Against DoS

  27. Securing Third-Party Dependencies

  28. Summary

  29. Conclusion