The Tangled Web: A Guide to Securing Modern Web Applications

Just fifteen years ago, the Web was as simple as it was unimportant: a quirky mechanism that allowed a handful of students, plus a bunch of asocial, basement-dwelling geeks, to visit each other’s home pages dedicated to science, pets, or poetry. Today, it is the platform of choice for writing complex, interactive applications (from mail clients to image editors to computer games) and a medium reaching hundreds of millions of casual users around the globe. It is also an essential tool of commerce, important enough to be credited for causing a recession when the 1999 to 2001 dot-com bubble burst.

"Thorough and comprehensive coverage from one of the foremost experts in browser security."
--Tavis Ormandy, Google Inc.

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.

In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:

  • Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
  • Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
  • Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
  • Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
  • Embed or host user-supplied content without running into the trap of content sniffing
For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

Photoshop for the Web: Covers Photoshop 5.5 and ImageReady 2.0

In this second edition, author Mikkel Aaland updates Photoshop for the Web to include important new techniques and workarounds for the latest release of Photoshop--version 5.5. The first edition was loaded with step-by-step examples and real-world solutions from some of the world's hottest Web sites. The second edition adds...

The Cosmic Microwave Background
The cosmic microwave background (CMB) is the radiation left over from the Big Bang. Recent analysis of the fluctuations in this radiation has given us valuable insights into our Universe and its parameters. Examining the theory of CMB and recent developments, this textbook starts with a brief introduction to modern cosmology and its main successes,...
English Brainstormers!: Ready-to-Use Games & Activities That Make Language Skills Fun to Learn
Standards,” “Learning Assessments,” “Academic Intervention Services,” and “Competency
Evaluation.” Yes, the new standards are probably necessary for some students for a number
of reasons. Yes, students who are not performing up to a specific standard should be given
remediation. Few would
...

SAS(R) Add-In 2.1 for Microsoft Office: Getting Started with Data Analysis
Provides step-by-step instructions for analyzing data in Microsoft Excel. You will be guided through several SAS tasks and shown how you can harness the power of SAS in Microsoft Excel. The scenarios in the book use sample data that is provided with Base SAS software, so you can follow the instructions to perform this analysis.

The SAS
...
Mobile VPN : Delivering Advanced Services in Next Generation Wireless Systems
Expert guidance on how to successfully build and deploy Mobile Virtual Private Networks

Mobile Virtual Private Networks (VPNs) have the potential to dramatically improve business productivity and give service providers new revenue opportunities. This in-depth tutorial will help professionals in the field understand both the technology of Mobile...

Teach Yourself Unix in 24 Hours
Sams Teach Yourself UNIX in 24 Hours, Second Edition is designed to take users from novice to accomplished user in just 24 one-hour sessions. Written by experts in the field, Sams Teach Yourself UNIX in 24 Hours, Second Edition starts off with an introduction to UNIX, then covers file handling, pipes and filters, the vi and EMACS text editors,...