Paramètres
- 320pages
- 12 heures de lecture
En savoir plus sur le livre
"Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure.
Achat du livre
The Tangled Web, Michal Zalewski
- Langue
- Année de publication
- 2011
- product-detail.submit-box.info.binding
- (souple),
- État du livre
- Abîmé
- Prix
- 4,62 €
Modes de paiement
Personne n'a encore évalué .
- Titre
- The Tangled Web
- Sous-titre
- A Guide to Securing Modern Web Applications
- Langue
- Anglais
- Auteurs
- Michal Zalewski
- Éditeur
- No Starch Press
- Publié
- 2011
- Format
- souple
- Pages
- 320
- ISBN10
- 1593273886
- ISBN13
- 9781593273880
- Séries
- Mots clés
- Nonfiction, Commerce, Technologie & Ingénierie, Thématique juridique, Manuels et guides, Informatique & Internet, Technologie, Finance, Espionnage, Criminalistique, Emploi, Ingénierie, Internet, Surveillance, Hackers, Linux, Insectes et petites bêtes, Réseaux informatiques, Intimité, Hacking, Darkweb
- Description
- "Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure.



