Web Application Security: Exploitation and Countermeasures for Modern Web Applications (2024, English edition)
Uploaded 2024-01-25 17:18:03 · 14.16MB PDF · 444 pages · 3 downloads · 70 views
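In the first edition of this critically acclaimed book, Andrew Hoffman defined the three pillars of application security: reconnaissance, offense, and defense. In this revised and updated second edition, he examines dozens of related topics, from the latest types of attacks and mitigations to threat modeling, the secure software development lifecycle (SSDL/SDLC), and more. Hoffman, a senior security engineer at Ripple, also provides information on exploits and mitigations for several other web application technologies, such as GraphQL, cloud-based deployments, content delivery networks (CDN), and server-side rendering (SSR). Following the course of the first book, the second edition is divided into three distinct pillars comprising three separate skill sets. Pillar 1, Recon: learn techniques for remotely mapping and documenting web applications, including procedures for using web applications. Pillar 2, Offense: explore methods for attacking web applications using a number of highly effective exploits that have been proven by the best hackers in the world. These skills are very valuable when used together with the skills of Pillar 3. Pillar 3, Defense: build on the skills gained in the previous two parts to construct effective and long-lived mitigations for each of the attacks described in Pillar 2.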
Andrew Hoffman
Web Application Security
Exploitation and Countermeasures for Modern Web Applications
Second Edition
SECURITY
“A comprehensive resource on practical web application security.”
—Chetan Karande, Project Leader, OWASP
“Hoffman’s book is comprehensive and beautifully structured in a way that describes both the offensive and defensive components of web application security. I consider it technical enough to be valuable to software developers, yet the concepts are also accessible for non-technical audiences.”
—Caroline Wong, Chief Strategy Officer at Cobalt
Web Application Security
Twitter: @oreillymedia
linkedin.com/company/oreilly-media
youtube.com/oreillymedia
In the first edition of this critically acclaimed book,
Andrew Hoffman defined the three pillars of application
security: reconnaissance, offense, and defense. In this
updated second edition, he examines dozens of related
topics, from the latest types of attacks and mitigations
to threat modeling, the secure software development
lifecycle (SSDL/SDLC), and zero trust architecture.
Andrew also provides information regarding exploits
and mitigations involving several additional web application
technologies such as GraphQL, cloud-based deployments,
and content delivery networks (CDN). Attack and mitigation
chapters now include additional advanced content that will
benefit more experienced readers.
This second edition is split into three distinct pillars comprising
three separate skill sets:
• Pillar 1: Recon—Learn techniques for mapping and
documenting web applications remotely, including
procedures for collecting security sensitive
configuration data.
• Pillar 2: Offense—Explore methods for attacking
web applications using a number of highly effective exploits
that have been proven by the best hackers in the world.
• Pillar 3: Defense—Build on these skills to construct effective
and long-lived mitigations for each of the attacks described
in Pillar 2. Write and deploy web applications more securely.
Andrew Hoffman, senior staff
security engineer at Ripple, has
a unique skill set composed of
both software engineering and
application security. He’s consulted
with Fortune 500 companies and
startups alike and worked with
every major browser vendor.
US $65.99 CAN $82.99
ISBN: 9781098143930
SECOND
EDITION
Praise for Web Application Security
A comprehensive resource on practical web application security.
—Chetan Karande, Project Leader, OWASP
Hoffman’s book is comprehensive and beautifully structured in a way that describes both
the offensive and defensive components of web application security. I consider it technical
enough to be valuable to software developers, yet the concepts are also accessible for
non-technical audiences.
—Caroline Wong, Chief Strategy Officer, Cobalt
The best resource for learning practical application security engineering skills.
—Dustin Kinsey, Application Security Engineer
Andrew Hoffman
Web Application Security
Exploitation and Countermeasures for
Modern Web Applications
SECOND EDITION
Beijing Boston Farnham Sebastopol Tokyo