SECURITY
“A comprehensive
resource on practical web
application security.”
—Chetan Karande
Project Leader, OWASP
“Homan’s book is
comprehensive and
beautifully structured
in a way that describes
both the oensive and
defensive components of
web application security.
I consider it technical
enough to be valuable
to software developers,
yet the concepts are
also accessible for
non-technical audiences.”
—Caroline Wong
Chief Strategy Officer at Cobalt
Web Application Security
Twitter: @oreillymedia
linkedin.com/company/oreilly-media
youtube.com/oreillymedia
In the first edition of this critically acclaimed book,
Andrew Hoffman defined the three pillars of application
security: reconnaissance, offense, and defense. In this
updated second edition, he examines dozens of related
topics, from the latest types of attacks and mitigations
to threat modeling, the secure software development
lifecycle (SSDL/SDLC), and zero trust architecture.
Andrew also provides information regarding exploits
and mitigations involving several additional web application
technologies such as GraphQL, cloud-based deployments,
and content delivery networks (CDN). Attack and mitigation
chapters now include additional advanced content that will
benefit more experienced readers.
This second edition is split into three distinct pillars comprising
three separate skill sets:
• Pillar 1: Recon—Learn techniques for mapping and
documenting web applications remotely, including
procedures for collecting security sensitive
conguration data.
• Pillar 2: Oense—Explore methods for attacking
web applications using a number of highly eective exploits
that have been proven by the best hackers in the world.
• Pillar 3: Defense—Build on these skills to construct eective
and long-lived mitigations for each of the attacks described
in Pillar 2. Write and deploy web applications more securely.
Andrew Hoffman, senior staff
security engineer at Ripple, has
a unique skill set composed of
both software engineering and
application security. He’s consulted
with Fortune 500 companies and
startups alike and worked with
every major browser vendor.
US $65.99 CAN $82.99
ISBN: 9781098143930
SECOND
EDITION
