WASEC: Web Application Security for the everyday software engineer
WASEC: Web Application Security for the everyday software engineer
Everything a web developer should know about application security: concise, condensed and made to last.
About the Book
As software engineers, we often think of security as an afterthought: build it, then fix it later.
Truth is, knowing a few simple browser features can save you countless of hours banging your head against a security vulnerability reported by a user. This book is a solid read that aims to save you days learning about security fundamentals for Web applications, and provide you a concise and condensed idea of everything you should be aware of when developing on the Web from a security standpoint.
Don't understand prepared statements very well? Can't think of a good way to make sure that if your CDN gets compromised your users aren't affected? Still adding CSRF tokens to every form around? Then this book will definitely help you get a better understanding of how to build strong, secure Web applications made to last.
Security is often an afterthought because we don't understand how simple measures can improve our application's defense by multiple orders of magnitude, so let's learn it together.
Table of contents
- Understanding the browser
- Protection through HTTP headers
- HTTP cookies
- DDoS attacks
- Bug Bounty Programs
- Final words
- Docker security
- Kubernetes security
- Penetration tests
- Secret management
- Leveraging other services
Awesome work. Really enjoyed reading. Quality is excellent, I have to say. This should be turned into a 3-days course like the ones in BlackHat.
Senior Security Lead & Technical Security Manager
It's really thorough, especially for software engineers -- really a great work and a gem to read. There are security concepts that normally would be hard for software engineers to jump into or understand, but you made a lot of them simple and easier to understand.
- Who this book is for
- Errata and additional content
Understanding the browser
- What does a browser do?
- Vendor or standard bug?
- A browser for developers
- Into the HTTP protocol
- Mechanics: HTTP vs HTTPS vs H2
- HTTPS everywhere
- GET vs POST
- In HTTP headers we trust
Protection through HTTP headers
- Feature policy
- The reporting API
- Testing your security posture
- Stateful HTTP: managing sessions with cookies
- What’s behind a cookie?
- Session and persistent cookies
- Cookie flags that matter
- What would LeBron do?
- Blacklisting versus whitelisting
- Logging secrets
- Never trust the client
- Generating session IDs
- Querying your database while avoiding SQL injections
- Dependencies with known vulnerabilities
- Have I been pwned?
- Session invalidation in a stateless architecture
- My CDN was compromised!
- The slow death of EV certificates
- Paranoid mode: on
- Low-priority and delegated domains
- Hold the door
- Anatomy of a DDoS
- Why would anyone bomb me?
- Notable DDoS attacks
- Don’t panic: some services to the rescue!
- Hackers welcome
Bug Bounty Programs
- What’s in a program?
- Dealing with researchers
- “Malicious” reporters
- We’re about to wrap it up
This is the end
- Forget safe. Make it safer.
- In the works
- A few thank yous
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
El Manual del ManagerKeyvan Akbary, Félix López, and Álvaro Salazar
¿Has deseado alguna vez el haber tenido una buena introducción al rol del Engineering Manager? En este libro aprenderás lo necesario para ejercer el rol de una manera efectiva: Expectativas y Responsabilidades del Rol, 1-1s, Ayudar a Crecer, Objetivos, Planes de Carrera, Cultura, Feedback, Contratación, Cultura de Producto y mucho más.
Functional Design and ArchitectureAlexander Granin
Software Design in Functional Programming, Design Patterns and Practices, Methodologies and Application Architectures. How to build real software in Haskell with less efforts and low risks. The first complete source of knowledge.
CCIE Service Provider Version 4 Written and Lab Exam Comprehensive GuideNicholas Russo
The service provider landscape has changed rapidly over the past several years. Networking vendors are continuing to propose new standards, techniques, and procedures for overcoming new challenges while concurrently reducing costs and delivering new services. Cisco has recently updated the CCIE Service Provider track to reflect these changes; this book represents the author's personal journey in achieving that certification.
CCIE SP v4.1 - WorkbookŁukasz Bromirski, Piotr Jablonski, and Nicholas Russo
Are you striving to prepare to and pass CCIE SP lab exam? Take the opportunity and get this workbook! With the attached initial cfg files you will prepare yourself for the CCIE SP exam as well as learn SP technologies applicable to all kinds of today modern networks! This workbook covers blueprint topics and provides challenging examples.
Ansible for KubernetesJeff Geerling
Ansible is a powerful infrastructure automation tool. Kubernetes is a powerful application deployment platform. Learn how to use these tools to automate massively-scalable, highly-available infrastructure.
Ansible for DevOpsJeff Geerling
Ansible is a simple, but powerful, server and configuration management tool. Learn to use Ansible effectively, whether you manage one server—or thousands.
Code Faster in DelphiAlister Christie
This book will make you a faster Delphi developer, it doesn't matter if you are just starting out, or have been using Delphi since version 1, you will find all sorts of tips, tricks and hacks to boost your productivity.
Practical FP in Scala: A hands-on approachGabriel Volpe
A practical book aimed for those familiar with functional programming in Scala who are yet not confident about architecting an application from scratch.
Together, we will develop a purely functional application using the best libraries in the Cats ecosystem, while learning about design patterns and best practices.
R Programming for Data ScienceRoger D. Peng
This book brings the fundamentals of R programming to you, using the same material developed as part of the industry-leading Johns Hopkins Data Science Specialization. The skills taught in this book will lay the foundation for you to begin your journey learning data science. Printed copies of this book are available through Lulu.
Cloud StrategyGregor Hohpe
“Strategy is the difference between making a wish and making it come true.” A successful migration to the cloud shouldn’t be driven by wishes, but guided by a sound strategy, frameworks, and decision models. This book tells you how—without becoming superficial nor getting lost in technology and product details.
11 BooksThe Quality Software Bundle is for managers, would-be managers, and any of us who find themselves being managed and confused. This comprehensive bundle covers the entire span of software development approaches, from hacking through waterfall, cascade, prototyping, Iterative enhancement, reusable code, off-the-shelf, to Agile teams. The bundle...
Growing Agile: The Complete Coach's Guide
7 BooksGrowing Agile: Coach's Guide Series This bundle provides a collection of training and workshop plans for a variety of agile topics. The series is aimed at agile coaches, trainers and ScrumMasters who often find themselves needing to help teams understand agile concepts. Each book in the series provides the plans, slides, handouts and activity...
11 BooksIn this bundle, you will find 10 different agile books. They are about different aspects of being agile. - finding a job - doing coding dojo's - Retrospectives - Personal kanban - a non-typical coaching book and even a book that gives you an insight in the lives of some agile people.
WTFlop 6M + HU - Beta Bundle
Fifty Quick Ideas
3 BooksGet all three books for the price of two! Fifty Quick Ideas books are full of practical, real-world techniques that you can use to improve teamwork, build better products and build them in a better way.
Growing Agile: Coach's Guide Series
4 BooksThis bundle provides a collection of training and workshop plans for a variety of agile topics. The series is aimed at agile coaches, trainers and ScrumMasters who often find themselves needing to help teams understand agile concepts. Each book in the series provides the plans, slides, handouts and activity instructions to run a number of...
Marionette.js A to Z
Complete Scala Bundle
3 BooksScala is a general-purpose programming language and it's getting extremely popular these days. Some say that learning Scala could be a challenging task. My experience, however, suggests that this is actually a myth that has very little to do with reality. With the right approach, learning Scala can be easy, fun and rewarding.The first book from...
Build A Better Backbone App
3 BooksThe best way to learn new development skills is through experience, but that takes time you don't have.Get the best of both worlds with this bundle: you'll learn how to produce modern web applications by learning from experienced developers like Derick Bailey and David Sulc. BackboneJS is one of the favorite tools on the web today, but it...