Автор: Matthew Baker
Издательство: Apress
Год: 2022
Страниц: 471
Язык: английский
Формат: pdf (true), epub
Размер: 16.2 MB
Cyberattacks are becoming more commonplace and the Open Web Application Security Project (OWASP), estimates 94% of sites have flaws in their access control alone. Attacks evolve to work around new defenses, and defenses must evolve to remain effective. Developers need to understand the fundamentals of attacks and defenses in order to comprehend new techniques as they become available.
This book uses a hand-on approach to teach you how to write secure web applications and will highlight how hackers attack applications along with a broad arsenal of defenses. You'll see how to Implement the right defenses in Python/Django applications to prevent such attacks. Secure Web Application Development is your guide to picking the appropriate techniques to close vulnerabilities and ensuring you still provide users with their needed functionality.
You will:
Understand common coding vulnerabilities and how to avoid them
Configure services, such as databases and web servers, to minimize the risk of attack
Implement secure methods for password management, authentication, and authorization
Safely manage requests to and from external web sites
Establish a framework for modelling and assessing risks
Who This Book Is For:
This book is aimed primarily at software engineers who develop, or want to develop, web applications and APIs. It is also written for penetration testers who want to understand more about how web applications are written and how they are attacked. It will also suit managers and security policymakers who want to know what threats web applications face and what measures can prevent attacks.
This book is very hands-on. We believe you only truly understand a concept when you put it into practice. Throughout the book, we will use a sample web application called Coffeeshop to practice exploits and fixes on. It is written in Python with the Django web application framework. This application runs in a pair of virtual machines (VMs) on Ubuntu Linux through the Apache web server. To follow the exercises, you will install the VMs on your PC, Mac, or Linux workstation.
You will need some familiarity with Python to fully understand the exercises. However, the security concepts and exploits in this book are not language specific, so, exercises aside, most of the book is relevant for other languages too. A basic understanding of the Django web framework and Linux operation system is also helpful. However, if you do not have this, there is a link to Django documentation and a crash course in Linux in the next chapter.
Скачать Secure Web Application Development: A Hands-On Guide with Python and Django