Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.
In The Tangled Web, Michal Zalewski, one of the world’s top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they’re fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security.
You’ll learn how to:
–Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
–Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
–Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
–Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
–Embed or host user-supplied content without running into the trap of content sniffing
For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you’re most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.
Les informations fournies dans la section « Synopsis » peuvent faire référence à une autre édition de ce titre.
Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.
Les informations fournies dans la section « A propos du livre » peuvent faire référence à une autre édition de ce titre.
Vendeur : World of Books (was SecondSale), Montgomery, IL, Etats-Unis
Etat : Good. Item in good condition. Textbooks may not include supplemental items i.e. CDs, access codes etc. N° de réf. du vendeur 00095758308
Quantité disponible : 4 disponible(s)
Vendeur : Aspen Book Co., Denver, CO, Etats-Unis
Etat : good. A well-loved companion. Corners and cover might show a little wear, and you could find some notes or highlights. The dust jacket might be MIA, it might have been a library book and extras aren't guaranteedâ"but the story's all there! N° de réf. du vendeur PKV.1593273886.G
Quantité disponible : 1 disponible(s)
Vendeur : Evergreen Goodwill, Seattle, WA, Etats-Unis
paperback. Etat : Good. N° de réf. du vendeur mon0000076042
Quantité disponible : 1 disponible(s)
Vendeur : ThriftBooks-Atlanta, AUSTELL, GA, Etats-Unis
Paperback. Etat : Good. No Jacket. Former library book; Pages can have notes/highlighting. Spine may show signs of wear. ~ ThriftBooks: Read More, Spend Less. N° de réf. du vendeur G1593273886I3N10
Quantité disponible : 1 disponible(s)
Vendeur : ThriftBooks-Atlanta, AUSTELL, GA, Etats-Unis
Paperback. Etat : Good. No Jacket. Pages can have notes/highlighting. Spine may show signs of wear. ~ ThriftBooks: Read More, Spend Less. N° de réf. du vendeur G1593273886I3N00
Quantité disponible : 1 disponible(s)
Vendeur : HPB-Red, Dallas, TX, Etats-Unis
Paperback. Etat : Good. Connecting readers with great books since 1972! Used textbooks may not include companion materials such as access codes, etc. May have some wear or writing/highlighting. We ship orders daily and Customer Service is our top priority! N° de réf. du vendeur S_458235276
Quantité disponible : 1 disponible(s)
Vendeur : Goodwill of Silicon Valley, SAN JOSE, CA, Etats-Unis
Etat : good. Supports Goodwill of Silicon Valley job training programs. The cover and pages are in Good condition! Any other included accessories are also in Good condition showing use. Use can include some highlighting and writing, page and cover creases as well as other types visible wear. N° de réf. du vendeur GWSVV.1593273886.G
Quantité disponible : 1 disponible(s)
Vendeur : Half Price Books Inc., Dallas, TX, Etats-Unis
Paperback. Etat : Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! N° de réf. du vendeur S_469868494
Quantité disponible : 1 disponible(s)
Vendeur : HPB-Diamond, Dallas, TX, Etats-Unis
Paperback. Etat : Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! N° de réf. du vendeur S_469554862
Quantité disponible : 1 disponible(s)
Vendeur : Bookbot, Prague, Rébublique tchèque
Softcover. Etat : Fair. Verschmutzung / Wasserschaden; Leichte Kratzer / Abnutzungen / Druckstellen. "Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure. N° de réf. du vendeur 8106bd12-3c59-453e-a7ff-204e23c62e9f
Quantité disponible : 1 disponible(s)