Parameters
- 320 pages
- 12 hours of reading
More about the book
"Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure.
Book purchase
The Tangled Web, Michal Zalewski
- Language
- Released
- 2011
- product-detail.submit-box.info.binding
- (Paperback),
- Book condition
- Damaged
- Price
- €7.44
Payment methods
No one has rated yet.
- Title
- The Tangled Web
- Subtitle
- A Guide to Securing Modern Web Applications
- Language
- English
- Authors
- Michal Zalewski
- Publisher
- No Starch Press
- Released
- 2011
- Format
- Paperback
- Pages
- 320
- ISBN10
- 1593273886
- ISBN13
- 9781593273880
- Series
- Tags
- Non-Fiction, Business, Technology & Engineering, Legal Topics, References & Manuals, Computers & Internet, Technology, Finance, Espionage, Criminalistics, Employment, Engineering, Internet, Surveillance, monitoring, Hackers, Linux, Beetles and Bugs, Computer Networks, Privacy, Hacking, Dark Web
- Description
- "Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure.