Features
- Cover Type: Paperback with 504 pages
- Published by: Syngress
- Edition: 1st Edition July 1, 2006
- Written in: English
- ISBN 10 Number: 159749061X
- ISBN 13 Number: 978-1597490610
-
Book Dimensions:
8.7 x 7 x 1.4 inches
- Weighs: 1.4 pounds
Product Description
75% of attacks targeted against specific systems are aimed against the web application itself; not the operating system or network. While current security technologies and practices are aimed for the operating system and network, the custom developed
software that runs the web application is the most exposed portion of any website, and often the most vulnerable. This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book looks at the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
About The Author
Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet Specialist/Computer Forensic Analyst with the Niagara Regional Police Service (NRPS). He performs computer forensic examinations on computers involved in criminal investigation. He also has consulted and assisted in cases dealing with computer-related/Internet crimes. In addition to designing and maintaining the NRPS Web site at www.nrps.com and the NRPS intranet, he has provided support in the areas of programming, hardware, and network administration. As part of an information technology team that provides support to a user base of more than 800 civilian and uniform users, he has a theory that when the users carry guns, you tend to be more motivated in solving their problems.
Michael also owns KnightWare (www.knightware.ca), which provides computer-related services such as Web page design, and Bookworms (www.bookworms.ca), where you can purchase collectibles and other interesting items online. He has been a freelance writer for several years, and he has been published more than three dozen times in numerous books and anthologies. He currently resides in St. Catharines, Ontario, Canada, with his lovely wife, Jennifer, his darling daughter, Sara, and charming son, Jason.
Michael wrote Chapter 11.
Reader ReviewsMore recent books on web application security are welcomed. The publication date of 2006 suggests it might fall into that category. The focus on the programmer is also welcomed. Many security books deal with threats, but the actual practice of programming to ameliorate those threats may not be readily apparent. One would like support for a programmer "security mindset" and specific strategies to implement that. The book is addressed to programmers and written in a fashion that is engaging. And, as a more general work to highlight the importance of security at the development stage, it's OK. But, there's just not much depth here for it's intended topic. And, the content appears to reflect lectures presented in the 90s. There's some significant reference to C, which is not typically used in contemporary web programming. The focus tends towards the *nix world, but again a fair amount of emphasis, as I recall, on cgi, where again, PHP is more commonly used today. References in the Microsoft world are exclusively to ASP -- a technology which was superseded in 2002 by ASP.NET. There's some appropriate programming advice here. But, it's soft rather than hard, and diffuse and general rather than focused and specific. I would rate it 3 stars for that content if it were more appropriately titled.
Search for books at
