Website security made easy. This book covers the most common ways
websites get hacked and how web developers can defend themselves.
The world has changed. Today, every time you make a site live, you're
opening it up to attack.
A first-time developer can easily be discouraged by the difficulties
involved with properly securing a website. But have hope: an army of
security researchers is out there discovering, documenting, and fixing
security flaws. Thankfully, the tools you'll need to secure your site
are freely available and generally easy to use.
Web Security for Developers will teach you how your websites are
vulnerable to attack and how to protect them. Each chapter breaks down a
major security vulnerability and explores a real-world attack, coupled
with plenty of code to show you both the vulnerability and the fix.
You'll learn how to:
Protect against SQL injection attacks, malicious JavaScript, and
cross-site request forgery
Add authentication and shape access control to protect accounts
Lock down user accounts to prevent attacks that rely on guessing
passwords, stealing sessions,
or escalating privileges
Implement encryption
Manage vulnerabilities in legacy code
Prevent information leaks that disclose vulnerabilities
Mitigate advanced attacks like malvertising and denial-of-service
As you get stronger at identifying and fixing vulnerabilities, you'll
learn to deploy disciplined, secure code and become a better programmer
along the way.
