Sinossi
Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.
In The Tangled Web, Michal Zalewski, one of the world’s top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they’re fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security.
You’ll learn how to:
–Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
–Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
–Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
–Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
–Embed or host user-supplied content without running into the trap of content sniffing
For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you’re most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.
Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.
Informazioni sull?autore
Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Risultati della ricerca per The Tangled Web: A Guide to Securing Modern Web Applications
Foto dell'editore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: World of Books (was SecondSale), Montgomery, IL, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: Good. Item in good condition. Textbooks may not include supplemental items i.e. CDs, access codes etc. Codice articolo 00095758308
Compra usato
EUR 5,31
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 3 disponibili
Immagini fornite dal venditore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: Aspen Book Co., Denver, CO, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: good. A well-loved companion. Corners and cover might show a little wear, and you could find some notes or highlights. The dust jacket might be MIA, it might have been a library book and extras aren't guaranteedâ"but the story's all there! Codice articolo PKV.1593273886.G
Compra usato
EUR 5,96
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: HPB-Red, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Good. Connecting readers with great books since 1972! Used textbooks may not include companion materials such as access codes, etc. May have some wear or writing/highlighting. We ship orders daily and Customer Service is our top priority! Codice articolo S_458235276
Compra usato
EUR 4,42
Spedizione EUR 3,22
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Immagini fornite dal venditore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: Goodwill of Silicon Valley, SAN JOSE, CA, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: good. Supports Goodwill of Silicon Valley job training programs. The cover and pages are in Good condition! Any other included accessories are also in Good condition showing use. Use can include some highlighting and writing, page and cover creases as well as other types visible wear. Codice articolo GWSVV.1593273886.G
Compra usato
EUR 7,95
Spedizione EUR 3,43
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: HPB Inc., Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! Codice articolo S_464786280
Compra usato
EUR 14,36
Spedizione EUR 3,22
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: Half Price Books Inc., Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! Codice articolo S_469868494
Compra usato
EUR 17,68
Spedizione EUR 3,00
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Immagini fornite dal venditore
The Tangled Web â" A Guide to Securing Modern Web Applications
Da: WeBuyBooks, Rossendale, LANCS, Regno Unito
Valutazione del venditore 5 su 5 stelle
Condizione: Good. Most items will be dispatched the same or the next working day. A copy that has been read but remains in clean condition. All of the pages are intact and the cover is intact and the spine may show signs of wear. The book may have minor markings which are not specifically mentioned. Codice articolo rev9935270927
Compra usato
EUR 14,99
Spedizione EUR 8,91
Spedito da Regno Unito a U.S.A.
Spedito da Regno Unito a U.S.A.
Quantità: 1 disponibili
Foto dell'editore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: HPB-Diamond, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! Codice articolo S_469554862
Compra usato
EUR 22,10
Spedizione EUR 3,22
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: GoldBooks, Denver, CO, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: new. New Copy. Customer Service Guaranteed. Codice articolo 73D32_86_1593273886
Compra nuovo
EUR 25,19
Spedizione EUR 4,72
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Immagini fornite dal venditore
The Tangled Web: A Guide to Securing Modern Web Applications
Da: Bookbot, Prague, Repubblica Ceca
Valutazione del venditore 5 su 5 stelle
Softcover. Condizione: Fair. Spuren von Feuchtigkeit / Nässe; Leichte Kratzer / Abnutzungen / Druckstellen. "Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are constructed from a complex mix of technologies, each contributing subtle security implications. Developers must adeptly navigate this landscape to ensure user safety. Michal Zalewski, a leading authority on browser security, provides an insightful narrative that clarifies how browsers operate and their inherent insecurities. Instead of offering simplistic advice on vulnerabilities, he delves into the entire browser security model, identifying weaknesses and supplying vital information for enhancing web application security. Key learning points include: executing complex tasks like URL parsing and HTML sanitization; utilizing modern security features such as Strict Transport Security, CSP, and CORS; applying various forms of the same-origin policy to compartmentalize web applications and safeguard user credentials against XSS bugs; creating mashups and embedding gadgets while navigating frame navigation policies; and managing user-supplied content without falling victim to content sniffing. Each chapter concludes with "Security Engineering Cheat Sheets" for quick reference, providing ready solutions to common challenges. With insights extending to anticipated HTML5 features, this resource equips developers to build secure web applications that endure. Codice articolo 8106bd12-3c59-453e-a7ff-204e23c62e9f
Compra usato
EUR 13,35
Spedizione EUR 20,99
Spedito da Repubblica Ceca a U.S.A.
Spedito da Repubblica Ceca a U.S.A.
Quantità: 1 disponibili