Tech Quarto
Search Advanced SearchView Cart   Checkout   
 Location:  Home » Computer Science » Privacy » Developer's Guide to Web Application Security  
Categories
Computer Science
The Internet
For Dummies
Web Browsers
Windows
Digital Culture
Multimedia
Mobile & Wireless
Subcategories
Internet & Education
Online Searching
Web Browsers
Web for Kids
Algorithms
Artificial Intelligence
Computer Science
Database Storage & Design
General AAS
Graphics & Visualization
Networking
Object-Oriented Software Design
Operating Systems
Programming Languages
Software Design & Engineering
All Titles
Arts & Photography
Biographies & Memoirs
Business & Investing
Children's Books
Computers & Internet
Cooking, Food & Wine
Engineering
Entertainment
Gay & Lesbian
General AAS
Home & Garden
Literature & Fiction
Medicine
Nonfiction
Outdoors & Nature
Parenting & Families
Professional
Reference
Religion & Spirituality
Science
Teens
Travel
Mass Market
Trade
Related Categories
• Privacy
Business & Culture
Computers & Internet
Subjects
Books
• Cross-platform Development
Programming
Computers & Internet
Subjects
Books
• Software Development
Software Design, Testing & Engineering
Programming
Computers & Internet
Subjects
• General
Programming
Computers & Internet
Subjects
Books
• Network Security
Networking
Computers & Internet
Subjects
Books
• General
Networks, Protocols & APIs
Networking
Computers & Internet
Subjects
• General
SQL
Databases
Computers & Internet
Subjects
• Internet
Home Computing
Computers & Internet
Subjects
Books
• General
Computers & Internet
Subjects
Books
• General
Software
Computers & Internet
Subjects
Books
• Security+
Exams
Certification Central
Computers & Internet
Subjects
• Computer Science
New & Used Textbooks
Custom Stores
Specialty Stores
Books
• Qualifying Textbooks
Custom Stores
Specialty Stores
Books
• Illustrated
Edition (format)
Refinements
Books
• Paperback
Binding (binding)
Refinements
Books
• Printed Books
Format (feature_browse-bin)
Refinements
Books
Visit Laptop Nirvana for the best Cheap Discount Laptops

Developer's Guide to Web Application Security

Developer's Guide to Web Application Security

zoom enlarge 		Author: Matt Fisher
Publisher: Syngress
Category: Book

List Price: $49.95
Buy New: $28.92
You Save: $21.03 (42%)



New (26) Used (4) from $28.92

Avg. Customer Rating: 4.0 out of 5 stars 3 reviews
Sales Rank: 728312

Format: Illustrated
Media: Paperback
Edition: 1
Number Of Items: 1
Pages: 504
Shipping Weight (lbs): 1.4
Dimensions (in): 8.7 x 7 x 1.4

ISBN: 159749061X
Dewey Decimal Number: 005.8
EAN: 9781597490610
ASIN: 159749061X

Publication Date: July 1, 2006
Availability: Usually ships in 1-2 business days
Condition: All orders ship same business day via standard shipping (USPS Media Mail) if received by 1 PM CST.
Also Available In:

  • Digital - Developer's Guide to Web Application Security
Similar Items:

  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
  • How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Book & CD
  • Hacking Exposed Web Applications, 2nd Ed. (Hacking Exposed)
  • Foundations of Security: What Every Programmer Needs to Know (Expert's Voice)
  • XSS Attacks: Cross Site Scripting Exploits and Defense
Editorial Reviews:

Product Description
75% of attacks targeted against specific systems are aimed against the web application itself; not the operating system or network. While current security technologies and practices are aimed for the operating system and network, the custom developed software that runs the web application is the most exposed portion of any website, and often the most vulnerable. This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.

Customer Reviews:

2 out of 5 stars Just not quite the book it promises to be   June 3, 2008
More recent books on web application security are welcomed. The publication date of 2006 suggests it might fall into that category.

The focus on the programmer is also welcomed. Many security books deal with threats, but the actual practice of programming to ameliorate those threats may not be readily apparent. One would like support for a programmer "security mindset" and specific strategies to implement that.

The book is addressed to programmers and written in a fashion that is engaging. And, as a more general work to highlight the importance of security at the development stage, it's OK.

But, there's just not much depth here for it's intended topic. And, the content appears to reflect lectures presented in the 90s. There's some significant reference to C, which is not typically used in contemporary web programming. The focus tends towards the *nix world, but again a fair amount of emphasis, as I recall, on cgi, where again, PHP is more commonly used today. References in the Microsoft world are exclusively to ASP -- a technology which was superseded in 2002 by ASP.NET.

There's some appropriate programming advice here. But, it's soft rather than hard, and diffuse and general rather than focused and specific.

I would rate it 3 stars for that content if it were more appropriately titled.



5 out of 5 stars Good read for the security conscious   March 17, 2007
 1 out of 2 found this review helpful

When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both.

Each of the chapters in this book seem to follow a pattern of first defining the topic, second giving real world examples, and finally providing the reader with solutions. The book begins by providing a history of the hacking methodology and defining the various types of hacking. It was interesting to learn about some of the various hacks and hackers. For example, I had no idea Steve Jobs (Apple Computers) used to be a hacker.

In chapter two the author discusses what he calls a "Code Grinder", and how to not become or produce a code grinder. A code grinder is someone who works in a highly regulated environment where creativity is discouraged. I found it interesting that a code grinder environment typically produces more unsecure code then an environment that is open and promotes creativity.

Chapter three discusses the risks associated with mobile code. Chapter four covers vulnerable CGI scripts and introduces the reader to some tools such as Nikto and Web Hack Control Center to scan your website to find vulnerabilities. The author goes on to discuss the issues faced by the various CGI scripting languages, and then provides an outline of rules to writing secure CGI scripts.

Chapter five covers hacking techniques and tools. This section gets you into the mind of a hacker, what are their goals, how are those goals achieved and what tools do they use. In chapter six the topic is "Code Auditing and Reverse Engineering." This chapter I found exceptionally interesting and helpful. The author takes you through various types of vulnerabilities and with each weakness explains how it affects each of the more popular programming/scripting languages. And to take it a step further the author also provides the reader with the functions/methods for each programming/scripting language that are vulnerable to attack and then explains either how to use those functions securely or gives an alternative function/method that is more secure.

Chapters seven through ten cover securing code in specific languages; Java, XML, ActiveX, and ColdFusion. Chapter eleven discusses developing security enabled applications using such technologies as PGP, SSL, and PKI. Finally in chapter twelve the author wraps up the book by taking the reader through creating and working with a security plan.

CONCLUSION
--
I found this book to be interesting and a good read. I plan to make use of some of the tools it introduced in hardening applications I work with and develop. And as I mentioned before, the chapter on code auditing will be extremely useful to me in cleaning up existing apps and developing new ones. I liked this book and I would recommend it to anyone who is writing code.



5 out of 5 stars Great Overview of a complex subject!   February 20, 2007
 1 out of 1 found this review helpful

With the increasing number of incidents of crime that is occurring on the world wide web it behooves every programmer to become fluent in all aspects of information security. This book provides a great overview of the various methods a hacker uses to penetrate various forms of web architectures. The author's goals it seems was to cover a broad subject by touching on all important aspects of securing a website.

Throughout the book a hacker mindset is presented and how to design your website to overcome the tools and tricks of the hacker. For instance in many of the chapters the manner of attack that a hacker would use to exploit a piece of technology is covered. Overall I believe this book to be a good introduction to the field of securing websites. Since security in of itself is such a broad subject and the Internet is also a broad subject it is unfair to expect one book to cover all aspects of a complex and dynamic environment


Powered by Associate-O-Matic