When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks?
Grokking Web Application Security is a brilliantly illustrated and clearly written guide that delivers detailed coverage on:
How the browser security model works, including sandboxing, the same-origin policy, and methods of securing cookies
Securing web servers with input validation, escaping of output, and defense in depth
A development process that prevents security bugs
Protecting yourself from browser vulnerabilities such as cross-site scripting, cross-site request forgery, and clickjacking
Network vulnerabilities like man-in-the-middle attacks, SSL-stripping, and DNS poisoning
Preventing authentication vulnerabilities that allow brute forcing of credentials by using single sign-on or multi-factor authentication
Authorization vulnerabilities like broken access control and session jacking
How to use encryption in web applications
Injection attacks, command execution attacks, and remote code execution attacks
Malicious payloads that can be used to attack XML parsers, and file upload functions