Practical Application Security
Web Edition
About the Book
A book about more than 15 vulnerability types, covering attack and defence, plus tutorials on software security tools and appliances.
Security is essential.
We use a little bit of cryptography, add some firewalls and passwords, and we're done. In theory. When we started working in the field of security, we met many people who thought they could easily secure their applications. They took a few standard security ingredients and applied them to whatever problem they had. Even worse: sometimes they did not use existing ingredients but built their own, making the same errors already made in hundreds of previous projects.
And practice proved them wrong: security was never simple. There is always at least one loophole, always an unexpected side effect, always something you miss if you are not an expert. Front-page news regularly proves that we apparently never learn.
Key reasons for insecure applications are:
- Lack of time (aggressive deadlines)
- Lack of knowledge (IT experts are usually not security experts)
- Lack of priority (functionality and performance usually come first)
That is why we are practically doomed to failure.
Attackers can break into a system, steal or change data and leave without a trace. Sometimes the victim does not even know that something bad has happened until his new designs turn up at a competitor, supposedly protected customer data is published on public web sites, or a journalist gets a hint of a great new story. Even worse, modern applications are becoming more and more complex; think of recent trends like mobility and cloud computing. Borders disappear, and protecting a known perimeter becomes difficult.
In traditional engineering we have hundreds of years of knowledge that has evolved over time. We know how to build bridges that survive rain, wind and earthquakes. We know how to build solid cars that give you a good chance of surviving a crash. We know of proven solutions to problems in specific contexts. Written down, these are called patterns, a paradigm that has also been applied to software engineering for quite some time. Towards the end of the 1990s we saw work on patterns dedicated to security problems. The pattern community came together and collected the work in progress, resulting in one of the first comprehensive security pattern collections, which captured security expertise for getting it done the right way.
It was obvious that the work was not completed by the publication of a few books. Besides mining additional knowledge and writing more patterns, an interesting question is how to apply them effectively. Both of these issues are addressed in this book, an up-to-date guide for software engineers who want to understand how to build reliable, secure applications. It provides guidance for applying the captured expertise of security patterns in your day-to-day work.
Security is still not easy, but it is much easier when you understand the benefits, liabilities and dependencies of specific solutions.
About the Contributors
Table of Contents
- About Authors
- Preface
Part I: Prepared for Application Security
- Introduction
- SDLC vs SSDLC
- Vulnerability Management
- Static & Dynamic Testing
- Secure Architecture
Part II: Vulnerabilities
- SQL Injection
- Code Injection
- Server Side Template Injection
- XML Injection
- What is OAuth?
- How does OAuth 2.0 work?
- OAuth 2.0 Misconfiguration
- What is SAML?
- How does SAML work?
- SAML Misconfiguration
- What is Session Management
- Session Management Security Best Practice
- XXE
- Insecure Deserialization
- XSS
- CSRF
- SSRF
- HTTP request smuggling
- Web cache poisoning
Part III: Secure Application Architecture
- What is Web Service?
- Type of Web Service
- Webservice Misconfiguration
- What is Authentication?
- Storage of Credential Security Issue
- Authentication Misconfiguration
- What is Credential?
- Type of Storage
- Storage Security Risk
- What is Sensitive/Non-Sensitive File?
- Sensitive File in Java
- What are business logic vulnerabilities
- Dependency Vulnerabilities
Part IV: Virtual Patching
- Fortiweb WAF
- Cloudflare WAF
- References