Secure Programming of Web Applications - eBook

Understand application security: We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access.

Also available: "I see this SPOT ON course. This course will teach developers such as myself and you." (Student)

Purchase eBook (~30 pages)

• incl. VAT
• PDF delivery through e-mail
• Payment also as guest without Paypal account

Content

This book DOES NOT cover related topics like secure (network) infrastructures, operating system security, patch management, firewall architectures etc. but instead focuses only at the application level - the central field of activity of a software developer.

Web applications are a generic expression for

• Internet applications
• Intranet applications
• Cloud services
• Web portals
• Web services
• Web APIs

Table of Contents

The most common / typical attacks against web applications are:

• [01] Code/Command Injection in general
• [02] (No)SQL Code Injection
• [03] Cross-Site Request Forgery (CSRF)
• [04] Cross-Site Scripting (XSS)
• [05] Open Redirection
• [06] Remote File Inclusion (RFI) and Local File Inclusion (LFI)
• [07] Clickjacking
• [08] Session-Hijacking
• [09] Information Disclosure
• [10] Attacks on Weaknesses of the Authentification
• [11] Denial of Service
• [12] Middleware
• [13] Third-Party Software

Extract

• Secure Programming of Web Applications pages 1-4

Author

Frank Hissen successfully studied Computer Science at Darmstadt University of Technology (Germany) focusing on IT security. For over 20 years, he works as IT consultant and software engineer; for over 15 years, he also works in various positions as security expert in IT development and consulting projects. He mainly worked for large businesses but also medium-sized companies.

Mr. Hissen is specialized in applied and technical IT security. For major as well as smaller companies, he equally developed and implemented security solutions and accompanied processes for secure product and software development. He became self-employed in 2009. Since then he works as freelancing expert in the area of web and cloud application security as well as cryptography.

Keywords

Security of Web Applications, Secure Programming Patterns, Security Baselines, Web Application Knowledge, Developer, Software Developer, Web Developer, Technical Project Manager