Sinossi
- This concise and practical book shows where code vulnerabilities lie-without delving into the specifics of each system architecture, programming or scripting language, or application-and how best to fix them
- Based on real-world situations taken from the author's experiences of tracking coding mistakes at major financial institutions
- Covers SQL injection attacks, cross-site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code
- Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code
Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.
Informazioni sull?autore
Sverre Huseby runs his own company selling courses and consultancy services in Web application security. He's an active participant on webappsec mail forum.
Dalla quarta di copertina
This book is much more than a wake-up call. It is also an eye-opener. Even for those who are already awake to the problems of Web server security, it is a serious guide for what to do and what not to do, with many well-chosen examples. The set of fundamental rules is highly relevant.
Peter G. Neumann, Author of Computer-Related Risks,and moderator of the Internet Risks Forum (risks.org).
This concise and practical book will show where code vulnerabilities lie and how best to fix them. Its value is in showing where code may be exploited to gain access to - or break - systems, but without delving into specific architectures, programming or scripting languages or applications. It provides illustrations with real code.
Innocent Code is an entertaining read showing how to change your mindset from website construction to website destruction so as to avoid writing dangerous code. Abundant examples from susceptible sites will bring the material alive and help you to guard against:
- SQL Injection, shell command i njection and other attacks based on mishandling meta-characters
- bad input
- cross-site scripting
- attackers who trick users into performing actions
- leakage of server-side secrets
- hidden enemies such as project deadlines, salesmen, messy code and tight budgets
All web programmers need to take precautions against producing websites vulnerable to malicious attack. This is the book which tells you how without trying to turn you into a security specialist.
Dal risvolto di copertina interno
This book is much more than a wake-up call. It is also an eye-opener. Even for those who are already awake to the problems of Web server security, it is a serious guide for what to do and what not to do, with many well-chosen examples. The set of fundamental rules is highly relevant.
Peter G. Neumann, Author of Computer-Related Risks,and moderator of the Internet Risks Forum (risks.org).
This concise and practical book will show where code vulnerabilities lie and how best to fix them. Its value is in showing where code may be exploited to gain access to - or break - systems, but without delving into specific architectures, programming or scripting languages or applications. It provides illustrations with real code.
Innocent Code is an entertaining read showing how to change your mindset from website construction to website destruction so as to avoid writing dangerous code. Abundant examples from susceptible sites will bring the material alive and help you to guard against:
* SQL Injection, shell command i njection and other attacks based on mishandling meta-characters
* bad input
* cross-site scripting
* attackers who trick users into performing actions
* leakage of server-side secrets
* hidden enemies such as project deadlines, salesmen, messy code and tight budgets
All web programmers need to take precautions against producing websites vulnerable to malicious attack. This is the book which tells you how without trying to turn you into a security specialist.
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Risultati della ricerca per Innocent Code: A Security wake-up call for web Programmers
Foto dell'editore
Innocent Code: A Security wake-up call for web Programmers
Da: WorldofBooks, Goring-By-Sea, WS, Regno Unito
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Very Good. The book has been read, but is in excellent condition. Pages are intact and not marred by notes or highlighting. The spine remains undamaged. Codice articolo GOR003693796
Compra usato
EUR 3,32
Spedizione EUR 6,46
Spedito da Regno Unito a U.S.A.
Spedito da Regno Unito a U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Innocent Code: A Security Wake-Up Call for Web Programmers
Da: ThriftBooks-Dallas, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Very Good. No Jacket. May have limited writing in cover pages. Pages are unmarked. ~ ThriftBooks: Read More, Spend Less. Codice articolo G0470857447I4N00
Compra usato
EUR 9,78
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Immagini fornite dal venditore
Innocent Code: A Security Wake-Up Call for Web Programmers
Da: Bay State Book Company, North Smithfield, RI, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: very_good. Codice articolo BSM.VVI1
Compra usato
EUR 9,78
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Innocent Code : A Security Wake-Up Call for Web Programmers
Editore:
Wiley & Sons, Incorporated, John, 2004
ISBN 10: 0470857447
ISBN 13: 9780470857441
Antico o usato
Brossura
Da: Better World Books: West, Reno, NV, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: Good. Pages intact with minimal writing/highlighting. The binding may be loose and creased. Dust jackets/supplements are not included. Stock photo provided. Product includes identifying sticker. Better World Books: Buy Books. Do Good. Codice articolo GRP82450087
Compra usato
EUR 9,83
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Innocent Code : A Security Wake-Up Call for Web Programmers
Editore:
Wiley & Sons, Incorporated, John, 2004
ISBN 10: 0470857447
ISBN 13: 9780470857441
Antico o usato
Brossura
Da: Better World Books, Mishawaka, IN, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: Very Good. Pages intact with possible writing/highlighting. Binding strong with minor wear. Dust jackets/supplements may not be included. Stock photo provided. Product includes identifying sticker. Better World Books: Buy Books. Do Good. Codice articolo GRP82450086
Compra usato
EUR 9,83
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Innocent Code: A Security wake-up call for web Programmers
Da: AwesomeBooks, Wallingford, Regno Unito
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Very Good. Innocent Code: A Security wake-up call for web Programmers This book is in very good condition and will be shipped within 24 hours of ordering. The cover may have some limited signs of wear but the pages are clean, intact and the spine remains undamaged. This book has clearly been well maintained and looked after thus far. Money back guarantee if you are not satisfied. See all our books here, order more than 1 book and get discounted shipping. Codice articolo 7719-9780470857441
Compra usato
EUR 4,98
Spedizione EUR 5,75
Spedito da Regno Unito a U.S.A.
Spedito da Regno Unito a U.S.A.
Quantità: 2 disponibili
Foto dell'editore
Innocent Code : A Security Wake-Up Call for Web Programmers
Editore:
Wiley & Sons, Incorporated, John, 2004
ISBN 10: 0470857447
ISBN 13: 9780470857441
Antico o usato
Brossura
Da: Better World Books Ltd, Dunfermline, Regno Unito
Valutazione del venditore 5 su 5 stelle
Condizione: Very Good. Former library copy. Pages intact with possible writing/highlighting. Binding strong with minor wear. Dust jackets/supplements may not be included. Includes library markings. Stock photo provided. Product includes identifying sticker. Better World Books: Buy Books. Do Good. Codice articolo GRP82472370
Compra usato
EUR 5,42
Spedizione EUR 5,77
Spedito da Regno Unito a U.S.A.
Spedito da Regno Unito a U.S.A.
Quantità: 2 disponibili
Foto dell'editore
Innocent Code: A Security wake-up call for web Programmers
Da: Bahamut Media, Reading, Regno Unito
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Very Good. This book is in very good condition and will be shipped within 24 hours of ordering. The cover may have some limited signs of wear but the pages are clean, intact and the spine remains undamaged. This book has clearly been well maintained and looked after thus far. Money back guarantee if you are not satisfied. See all our books here, order more than 1 book and get discounted shipping. Codice articolo 6545-9780470857441
Compra usato
EUR 4,98
Spedizione EUR 8,05
Spedito da Regno Unito a U.S.A.
Spedito da Regno Unito a U.S.A.
Quantità: 2 disponibili
Foto dell'editore
Innocent Code: A Security Wake-Up Call for Web Programmers
Da: Mooney's bookstore, Den Helder, Paesi Bassi
Valutazione del venditore 4 su 5 stelle
Condizione: Very good. Codice articolo E-9780470857441-6-2
Compra usato
EUR 66,57
Spedizione EUR 14,95
Spedito da Paesi Bassi a U.S.A.
Spedito da Paesi Bassi a U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Innocent Code: A Security Wake-Up Call for Web Programmers
Da: BennettBooksLtd, Los Angeles, CA, U.S.A.
Valutazione del venditore 5 su 5 stelle
paperback. Condizione: New. In shrink wrap. Looks like an interesting title! Codice articolo Q-0470857447
Compra nuovo
EUR 91,48
Spedizione EUR 6,01
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili