The highly successful security book returns with a new edition,
completely updated
Web applications are the front door to most organizations, exposing them
to attacks that may disclose personal information, execute fraudulent
transactions, or compromise ordinary users. This practical book has been
completely updated and revised to discuss the latest step-by-step
techniques for attacking and defending the range of ever-evolving web
applications. You'll explore the various new technologies employed in
web applications that have appeared since the first edition and review
the new attack techniques that have been developed, particularly in
relation to the client side.
- Reveals how to overcome the new technologies and techniques aimed at
defending web applications against attacks that have appeared since
the previous edition
- Discusses new remoting frameworks, HTML5, cross-domain integration
techniques, UI redress, framebusting, HTTP parameter pollution, hybrid
file attacks, and more
- Features a companion web site hosted by the authors that allows
readers to try out the attacks described, gives answers to the
questions that are posed at the end of each chapter, and provides a
summarized methodology and checklist of tasks
Focusing on the areas of web application security where things have
changed in recent years, this book is the most current resource on the
critical topic of discovering, exploiting, and preventing web
application security flaws.
