Developer's Guide to Web Application Security


  • Michael Cross, Computer Forensic Analyst with the Niagara Regional Police Service, Canada

Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
View full description


Network Security administrators, Developers, Penetration testers, Enterprise administrators, web developers and security experts


Book information

  • Published: February 2007
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-061-0

Table of Contents

1: Hacking Methodology2: How to Avoid Becoming a Code Grinder3: Understanding the Risk Associated with Mobile Code4: Vulnerable CGI Scripts5: Hacking Techniques and Tools6: Code Auditing and Reverse Engineering7: Securing Your Java Code8: Securing XML9: Building Safe ActiveX Internet Controls10: Securing ColdFusion11: Developing Security-Enabled Applications12: Cradle to Grave: Working with a Security Plan