Developing Secure Applications
Apress (publisher)
978-1-4302-5875-9 (ISBN)
- This title will unfortunately not be published
The book is organized into 4 units:
- Fundamentals of security engineering, security testing, and development methodologies
- Security testing recipes
- Secure development guidelines and recipes
- Case studies: the latest and most interesting attack vectors
The highlights of the book are its coverage of the latest trends in attacks against web or mobile applications and the best practices for developing secure mobile applications.
Nishant Das Patnaik, 24, is an application security researcher by passion. He is currently working as a Dedicated Paranoid at Yahoo! Inc in India. Prior to Yahoo!, he worked at eBay Inc. as a Security Analyst. He has won numerous awards from his employers in recognition of his professional skills. He has 4 years of experience in application security engineering and testing. He has released a couple of security advisories for hardware, native and web applications. He is the author of the open-source security tool Ra.2, a black-box scanner for DOM-based cross-site scripting. He is also the author of the book Software Hacking, co-authored by Ankit Fadia (ISBN 9788125928676). He has provided training on computer security at various events to a broad spectrum of audiences, including the corporate, government and education sectors. He has spoken at security and technical conferences such as BarCamp and Con. He has been featured and interviewed multiple times by TV, radio and print media for his expert opinions. Apart from his profession, he is an amateur keyboard player and a cook by hobby.
Section 1: The Basics
1. Survival Guide
1.1. URL
1.2. HTTP
1.3. Encoding
1.4. HTML
1.5. CSS
1.6. JavaScript
1.7. XML
2. Tools of the Trade
2.1. Spiders
2.2. Proxy Tools
2.3. Encoders
2.4. Firefox Extensions
2.5. Blackbox Scanners
Section 2: Web Application Attacks
3. URLs
3.1. Cross-Site Scripting
3.2. SQL Injection
3.3. Open Redirect
3.4. Cross-Site Request Forgery
3.5. HTTP Parameter Pollution
3.6. DOM-based XSS
3.7. XPath Injection
3.8. XML Injection
4. Headers
4.1. Response Splitting
4.2. Referrer Spoofing
4.3. HTTP POST DoS - R.U.D.Y.
4.4. Slowloris
5. Configuration
5.1. Crossdomain.xml
5.2. X-Frame-Options
5.3. Access-Control-Allow-Origin
6. Design
6.1. Testing Forgot Password
6.2. Predictable Identifiers
6.3. Required Navigation
6.4. Repeatable (Online Polling)
6.5. CAPTCHA
7. HTML5/CSS3
7.1. Clickjacking
7.2. WebStorage
7.3. CursorJacking
7.4. X-Domain Content Extraction
7.5. FileJacking
7.6. FrameSniffing
Section 3: The Field of Testing
8. Testing Web Services
8.1. Automating Security Testing with soapUI
9. Testing Mobile Applications
9.1. Android
9.2. iPhone
Appendix: From Vulnerability to Proof of Concept
| Publication date (per publisher) | 7.6.2018 |
|---|---|
| Place of publication | Berkeley |
| Language | English |
| Subject area | Computer science ► Networks ► Security / Firewall |
| Keywords | Computer security |
| ISBN-10 | 1-4302-5875-6 / 1430258756 |
| ISBN-13 | 978-1-4302-5875-9 / 9781430258759 |
| Condition | New |
| Product safety information (GPSR) | |