75% of attacks targeted against specific systems are aimed against the web application itself; not the operating system or network. While current security technologies and practices are aimed for the operating system and network, the custom developed software that runs the web application is the most exposed portion of any website, and often the most vulnerable. This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
Customer Reviews:
Avg. Customer Rating: 4.0 / 5.0
Just not quite the book it promises to be:
More recent books on web application security are welcomed. The publication date of 2006 suggests it might fall into that category. The focus on the programmer is also welcomed. Many security books deal with threats, but the actual practice of programming to ameliorate those threats may not be readily apparent. One would like support for a programmer "security mindset" and specific strategies to implement that. The book is addressed to programmers and written in a fashion that is engaging. And, as... more info
Good read for the security conscious:
When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both. Each of the chapters in this book seem to follow a... more info
Great Overview of a complex subject!:
With the increasing number of incidents of crime that is occurring on the world wide web it behooves every programmer to become fluent in all aspects of information security. This book provides a great overview of the various methods a hacker uses to penetrate various forms of web architectures. The author's goals it seems was to cover a broad subject by touching on all important aspects of securing a website. Throughout the book a hacker mindset is presented and how to design your website to overcome... more info
