Web Security : A WhiteHat Perspective
معرفی کتاب «Web Security : A WhiteHat Perspective» نوشتهٔ Hanqing Wu, Liz Zhao، منتشرشده توسط نشر Auerbach Publications در سال 2015. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
In late 2013, approximately 40 million customer debit and credit cards were leaked in a data breach at Target. This catastrophic event, deemed one of the biggest data breaches ever, clearly showed that many companies need to significantly improve their information security strategies. **Web Security: A White Hat Perspective** presents a comprehensive guide to web security technology and explains how companies can build a highly effective and sustainable security system. In this book, web security expert Wu Hanqing reveals how hackers work and explains why companies of different scale require different security methodologies. With in-depth analysis of the reasons behind the choices, the book covers client script security, server applications security, and Internet company security operations. It also includes coverage of browser security, cross sites script attacks, click jacking, HTML5/PHP security, injection attacks, authentication, session management, access control, web frame security, DDOS, leaks, Internet transactions security, and the security development lifecycle. "Preface In mid-2010, Zhang Chunyu asked me if I could write a book on cloud computing. While the concept of cloud computing is very popular, there is not enough written material on how to handle this. Though I have kept myself up to date with this technology, I declined Zhang's request as the prospects in the field were not clear and instead wrote this book on web security. My Road of Security My interest in security developed when I was a student, after I got a book on hacking with no ISBN from the black market. The book had a teaching course on coolfire, which intrigued me. Ever since, I have been hooked to hacking and have taken much interest in practicing the techniques covered in these types of books. In 2000, I joined Xi'an Jiaotong University. Fortunately for me, the computer room at the university was open even after school hours. Though the price of online browsing was high, I invested most of my living expenses in the computer room. In return, I was gaining more knowledge in this field. With the momentum gained at university, I soon got my first computer with the help of my parents. This only helped to increase my interest in the field. In a short while, I collaborated with my friends to set up a technical organization called ph4nt0m.org, named after my favorite comic character. Though the organization did not last long, it helped groom top talents through communication forums that it initiated. This was the proudest achievement in the 20 years of my life. Due to the openness of the Internet and the advances in technology, I have witnessed nearly all the developments in Internet security in the last decade. During the first five years, I witnessed the technology in penetrating tests, cache overflow, and web hacking; for the next five years"- Front Cover 1 Contents 7 Foreword 17 Preface 19 Authors 25 Chapter 1: View of the IT Security World 29 Chapter 2: Security of Browser 55 Chapter 3: Cross-Site Scripting Attack 71 Chapter 4: Cross-Site Request Forgery 149 Chapter 5: Clickjacking 167 Chapter 6: HTML5 Securities 183 Chapter 7: Injection Attacks 199 Chapter 8: File Upload Vulnerability 233 Chapter 9: Authentication and Session Management 247 Chapter 10: Access Control 261 Chapter 11: Encryption Algorithms and Random Numbers 279 Chapter 12: Web Framework Security 351 Chapter 13: Application-Layer Denial-of-Service Attacks 369 Chapter 14: PHP Security 395 Chapter 15: Web Server Configuration Security 439 Chapter 16: Security of Internet Business 455 Chapter 17: Security Development Lifecycle 493 Chapter 18: Security Operations 513 Back Cover 525 "This book introduces nearly all aspects of web security. It reveals how hackers work and explains why companies of different scale should choose their own methodology of security. With in depth analysis of the reasons behind the choices, the book covers client script security, server applications security, and Internet company security operations. It also includes coverage of browser security, cross sites script attacks, click jacking, HTML5/PHP security, injection attacks, authentication, session management, access control, web frame security, DDOS, leaks, Internet transactions security, security development lifecycle, and security operations."-- Provided by publisher
دانلود کتاب Web Security : A WhiteHat Perspective