Web Application Security: Exploitation and Countermeasures for Modern Web Applications
暫譯: 網路應用程式安全:現代網路應用程式的利用與對策
Hoffman, Andrew
- 出版商: O'Reilly
- 出版日期: 2020-04-07
- 定價: $1,980
- 售價: 8.5 折 $1,683
- 語言: 英文
- 頁數: 346
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1492053112
- ISBN-13: 9781492053118
-
相關分類:
資訊安全
-
相關翻譯:
Web 應用程序安全 (簡中版)
Web 應用系統安全|現代 Web 應用程式開發的資安對策 (Web Application Security) (繁中版)
立即出貨(限量) (庫存=3)
買這商品的人也買了...
-
Identity and Data Security for Web Development: Best Practices$1,360$1,292 -
Arduino 官方正版 Genuino 101$1,700$1,700 -
網站可靠性工程|Google 的系統管理之道 (Site Reliability Engineering: How Google Runs Production Systems)(SRE)-*外觀稍有瑕疵,不介意者再下單$780$616 -
Securing DevOps: Safe services in the Cloud$1,650$1,568 -
Raspberry Pi 3 Model B+ (UK製)$4,620$4,389 -
Hacking Connected Cars: Tactics, Techniques, and Procedures$1,730$1,644 -
$2,224Programming Quantum Computers: Essential Algorithms and Code Samples (Paperback) -
領域驅動設計:軟體核心複雜度的解決方法 (Domain-Driven Design: Tackling Complexity in the Heart of Software)$680$510 -
$616滲透測試 完全初學者指南 -
C++17 Standard Library Quick Reference: A Pocket Guide to the Language, Apis, and Library$1,530$1,454 -
重構|改善既有程式的設計, 2/e (繁中平裝版)(Refactoring: Improving The Design of Existing Code, 2/e)$800$632 -
Effective Typescript: 62 Specific Ways to Improve Your Typescript (Paperback)$1,650$1,568 -
Kali Linux 滲透測試工具|花小錢做資安,你也是防駭高手, 3/e$880$695 -
$534超大流量分佈式系統架構解決方案:人人都是架構師2.0 -
Microservices Security in Action$1,980$1,881 -
量子電腦程式設計 (Programming Quantum Computers: Essential Algorithms and Code Samples)$680$578 -
$2,376Javascript: The Definitive Guide: Master the World's Most-Used Programming Language, 7/e (Paperback) -
$990Web Security for Developers: Real Threats, Practical Defense (Paperback) -
$301Web 安全漏洞原理及實戰 -
神之手:動畫大神 加加美高浩的繪手神技$550$495 -
零信任網路|在不受信任的網路中建構安全系統 (Zero Trust Networks)$480$379 -
Head First Design Patterns: Building Extensible and Maintainable Object-Oriented Software, 2/e (Paperback)$2,800$2,660 -
Web 開發者一定要懂的駭客攻防術 (Web Security for Developers: Real Threats, Practical Defense)$420$332 -
CYBERSEC 2021 臺灣資安年鑑 ─ 資安絕地大反攻:新一代主動式資安防禦概念來了!$179$161 -
駭客就在你旁邊:內網安全攻防滲透你死我活, 2/e$880$695
商品描述
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.
Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to break into web applications using the latest hacking techniques. Finally, you’ll learn how to develop mitigations for use in your own web applications to protect against hackers.
- Explore common vulnerabilities plaguing today's web applications
- Learn essential hacking techniques attackers use to exploit applications
- Map and document web applications for which you don’t have direct access
- Develop and deploy customized exploits that can bypass common defenses
- Develop and deploy mitigations to protect your applications against hackers
- Integrate secure coding best practices into your development lifecycle
- Get practical tips to help you improve the overall security of your web applications
商品描述(中文翻譯)
雖然有許多資源可用於網路和 IT 安全,但對於現代網路應用程式安全的詳細知識一直缺乏——直到現在。本實用指南提供了軟體工程師可以輕鬆學習和應用的攻擊和防禦安全概念。
Salesforce 的資深安全工程師 Andrew Hoffman 介紹了網路應用程式安全的三大支柱:偵查、攻擊和防禦。您將學習有效研究和分析現代網路應用程式的方法——包括那些您無法直接訪問的應用程式。您還將學習如何使用最新的駭客技術入侵網路應用程式。最後,您將學習如何為自己的網路應用程式開發緩解措施,以防止駭客攻擊。
- 探索當今網路應用程式常見的漏洞
- 學習攻擊者用來利用應用程式的基本駭客技術
- 繪製和記錄您無法直接訪問的網路應用程式
- 開發和部署可以繞過常見防禦的自訂利用程式
- 開發和部署緩解措施以保護您的應用程式免受駭客攻擊
- 將安全編碼最佳實踐整合到您的開發生命週期中
- 獲取實用提示,幫助您改善網路應用程式的整體安全性
作者簡介
Andrew Hoffman is a product security lead at Salesforce.com, where he is responsible for the security of multiple JavaScript, NodeJS, and OSS teams. His expertise is in deep DOM and JavaScript security vulnerabilities. He has worked with every major browser vendor, as well as with TC39 and WHATWG ? the organizations responsible for the upcoming version of JavaScript and the browser DOM spec.
Prior to this role, Andrew was a software security engineer working on Locker Service, the world's first JavaScript namespace isolation library that operates from the interpreter level up. In parallel, Andrew also contributed to the upcoming JavaScript language security feature "Realms," which provides language level namespace isolation to JavaScript.
作者簡介(中文翻譯)
安德魯·霍夫曼(Andrew Hoffman)是Salesforce.com的產品安全負責人,負責多個JavaScript、NodeJS和開源軟體(OSS)團隊的安全性。他專精於深層的DOM和JavaScript安全漏洞。他曾與每個主要的瀏覽器供應商合作,並且參與了TC39和WHATWG這兩個負責即將推出的JavaScript版本和瀏覽器DOM規範的組織。
在擔任此職位之前,安德魯是一名軟體安全工程師,負責Locker Service的開發,這是全球首個從解釋器層級運作的JavaScript命名空間隔離庫。與此同時,安德魯也為即將推出的JavaScript語言安全功能「Realms」做出了貢獻,該功能為JavaScript提供了語言層級的命名空間隔離。
