Web Application Security

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking–until now. This practical guide provides both defensive and offensive security concepts that software engineers can easily learn and apply. Andrew Hoffman, a product security lead at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications–including those you don't have direct access to. You'll also learn how to apply countermeasures to your own applications in order to prevent or mitigate risk from hackers. Ideal as a reference guide or educational text, this book helps you: Explore common vulnerabilities that plague today's web applications Learn essential hacking techniques that attackers use for exploiting applications Map and document web applications for which you don't have direct access Hack your application by applying the OWASP Top 10 exploits and other attacks Learn how to code your application to protect against the attacks you've identified Get practical tips to help you improve the overall security of your web products Develop and deploy your own customized exploits that can bypass many defenses