Web Application Security, A Beginner's Guide et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus


ou
Identifiez-vous pour activer la commande 1-Click.
ou
en essayant gratuitement Amazon Premium pendant 30 jours. Votre inscription aura lieu lors du passage de la commande. En savoir plus.
Amazon Rachète votre article
Recevez un chèque-cadeau de EUR 6,25
Amazon Rachète cet article
Plus de choix
Vous l'avez déjà ? Vendez votre exemplaire ici
Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible

 
Commencez à lire Web Application Security, A Beginner's Guide sur votre Kindle en moins d'une minute.

Vous n'avez pas encore de Kindle ? Achetez-le ici ou téléchargez une application de lecture gratuite.

Web Application Security: A Beginner's Guide [Anglais] [Broché]

Vincent Liu , Bryan Sullivan

Prix : EUR 30,97 Livraison à EUR 0,01 En savoir plus.
  Tous les prix incluent la TVA
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Il ne reste plus que 1 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon. Emballage cadeau disponible.
Voulez-vous le faire livrer le samedi 2 août ? Choisissez la livraison en 1 jour ouvré sur votre bon de commande. En savoir plus.

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 21,21  
Broché EUR 30,97  
Vendez cet article - Prix de rachat jusqu'à EUR 6,25
Vendez Web Application Security: A Beginner's Guide contre un chèque-cadeau d'une valeur pouvant aller jusqu'à EUR 6,25, que vous pourrez ensuite utiliser sur tout le site Amazon.fr. Les valeurs de rachat peuvent varier (voir les critères d'éligibilité des produits). En savoir plus sur notre programme de reprise Amazon Rachète.

Description de l'ouvrage

1 décembre 2000 Beginner's Guide

Security Smarts for the Self-Guided IT Professional

“Get to know the hackers—or plan on getting hacked. Sullivan and Liu have created a savvy, essentials-based approach to web app security packed with immediately applicable tools for any information security practitioner sharpening his or her tools or just starting out.” —Ryan McGeehan, Security Manager, Facebook, Inc.

Secure web applications from today's most devious hackers. Web Application Security: A Beginner's Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks.

This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry. You'll also get best practices for vulnerability detection and secure development, as well as a chapter that covers essential security fundamentals. This book's templates, checklists, and examples are designed to help you get started right away.

Web Application Security: A Beginner's Guide features:

  • Lingo--Common security terms defined so that you're in the know on the job
  • IMHO--Frank and relevant opinions based on the authors' years of industry experience
  • Budget Note--Tips for getting security technologies and processes into your organization's budget
  • In Actual Practice--Exceptions to the rules of security explained in real-world contexts
  • Your Plan--Customizable checklists you can use on the job now
  • Into Action--Tips on how, why, and when to apply new skills and techniques at work


Offres spéciales et liens associés


Produits fréquemment achetés ensemble

Web Application Security: A Beginner's Guide + The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Acheter les articles sélectionnés ensemble

Les clients ayant acheté cet article ont également acheté


Descriptions du produit

Biographie de l'auteur

Bryan Sullivan is a senior security researcher at Adobe Systems, where he focuses on web and cloud security issues. He was previously a security program manager on the Microsoft Security Development Lifecycle team and a development manager at HP, where he helped to design HP's vulnerability scanning tools, Webinspect and Devinspect.

Vincent Liu, CISSP, is a managing partner at Stach & Liu. He previously led the Attack & Penetration and Reverse Engineering teams for Honeywell's Global Security group and was an analyst at the National Security Agency. Vincent is a coauthor of Hacking Exposed: Web Applications, Third Edition and Hacking Exposed Wireless, Second Edition.


Détails sur le produit


En savoir plus sur les auteurs

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre (En savoir plus)
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index
Rechercher dans ce livre:

Commentaires en ligne 

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.5 étoiles sur 5  11 commentaires
21 internautes sur 21 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Impressive and relevant book on Application Security 28 novembre 2011
Par Application Security - Publié sur Amazon.com
Format:Broché
I was given the chance to read an early release of this book since I've been focusing on application security (appsec) professionally for several years. I was skeptical, since many of the appsec books in the market are attack focused, a topic that has already been well covered.

I was pleasantly surprised reading "Web Application Security, A Beginners Guide". First of all, it was very clearly written and is sensible and accessible. It's also very complete for a beginners book. I was surprised at just how much relevant information was covered on each topic. Last, it covers application defense in a very detailed and relevant way. This is a good "first book" for a web application programmer who wants to write secure applications.

I think that this is a good book not just for a beginner at application security, for even seasoned security professionals should give this a read. I have not seen so much relevant and pragmatic detail around application security defense until I picked up this book.
14 internautes sur 14 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 If you haven't thought about security yet - this is the book for you. 2 décembre 2011
Par blowdart - Publié sur Amazon.com
Format:Broché
It's rather strange for me reviewing Web Application Security - A Beginner's Guide given that I've written a book on the same topic, but as I know one of the authors, Bryan Sullivan and McGraw Hill offered me a copy for review it seems rather churlish not to.

Bryan and Vincent Liu have produced a book which is technology agnostic, covering web security via principles rather than sample code. It is a complete beginner's book, suitable for a developer who has never thought about security before or for a manager to try to figure out just what the heck their developers are talking about and why they want to spend some extra development time locking something down.

As the book is principle based it's easy to read through, each chapter does contain a lot of information about the topic under discussion - for example the authorization chapter covers not just where to authorize but types of permissions, controls, client side attacks, exploits, session management and SSL. The book doesn't stay just on the server application, it reaches out to browser security, database security, file server security and how to build security into your processes and development cycle.

This isn't a book a developer can use to solve their problems, rather it's a book that should send them off to learn more about their specific languages or frameworks. The advice contained inside is practical though and provides checklists for readers to use to ensure they're thinking in the right way. You'll end up knowing what the problems are and how to solve them in theory, but to learn how to solve them in practice for your system is left as an exercise for the reader. This isn't a bad thing at all, when you hunt down and figure out the solution on your own, or research further with other books or resources the resulting solution may stick with you for longer, rather than just having the code given to you on a plate.

If you're a developer than already knows some of the risks you may be better off with a book targeted at your area of expertise. If you haven't thought about security yet, or even better, you're a student who is just starting out on web application development then this book is for you. Frankly I'd like to ram it into the brain of every student currently doing any development courses at university, the knowledge gained would save us all a lot of trouble in a few years time.
7 internautes sur 7 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 A much needed book 2 juillet 2012
Par A. Patterson - Publié sur Amazon.com
Format:Broché|Achat vérifié
I don't know that I can add much to what people like Adam Shostack have said about the book, but since all the other reviews seem to be written by people who were given review copies, I'll write a review as someone who actually purchased the book. Actually, I purchased 38 copies of the book, and caused Amazon to be back-ordered for about 2 weeks.

I teach a basic security class for web application developers, and this is the book I used for the most recent iteration of the class. It was perfect for the class. Technology agnostic, a reasonable length, and easily accessible by people with web app development experience but not necessarily security experience. Unlike most security books, which are often a catalog of "bad things that can happen", Sullivan and Liu's book covers the topic from the direction of teaching fundamental security principles first, and applying those principles to topics such as authentication, authorization, browser security, and database security. It does very little to cover specific technologies. The developer will probably need to use other technology specific references, but reading this book first will give developers the background they need to apply security principles to their own technology.

The writing is excellent. The material is basic enough for the beginner in security, but in-depth enough that I learned quite a bit, even after several years of experience in app security. The authorization chapter, in particular, should be required reading. After reading that chapter, I finally understood concepts that I'd always struggled with.
6 internautes sur 6 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 A great book for those new to web security 24 janvier 2012
Par Adam Shostack - Publié sur Amazon.com
Format:Broché
I think this is a great book for those new to web security.

It's easy for security experts like Bryan and Vinnie to overwhelm people new to the field, and they do an excellent job of avoiding that risk. How to effectively avoid risks is a theme throughout the book, and the authors do a really good job of keeping it conversational, understandable, and applicable.

I'd also like to address a claim made by Blowdart "This isn't a book a developer can use to solve their problems, rather it's a book that should send them off to learn more about their specific languages or frameworks." I get where he's coming from, and respectfully disagree. The book isn't a cookbook with 1,001 recipes for blocking SQL Injection, but it covers input validation, regexps, escaping input, and driving into stored procedures or prepared statements along with the risks. I think that's a good level of understanding that a developer should have so that they know the strategy and approaches to take; writing code in a specific language is left as an exercise for the reader. Digging in deeper would mean that there's a new book every 2-3 years to address the latest way to copy a string safely. This book strikes a good, practical balance.

Lastly, I should mention that Bryan works down the hall, gave me a copy, and cites a bunch of my work in the book.
5 internautes sur 5 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 EXACTLY What I Was Looking For 18 février 2013
Par Slick Rhoads - Publié sur Amazon.com
Format:Broché
All of my web apps to-date have been internal tools (they live behind the corporate firewall) so security has been of secondary concern. After reading this book, I realized just how ignorant I was concerning even *basic* security principles. After reading the part on SQL-injection I immediately went to one of my websites and busted it. Ha!

This book was exactly what I needed: It scared the pants off of me. It gives you enough detail to explain each concept without hooking your lips up to the fire hose.

I'm soooo glad I read this book before starting work on some external web services and web apps I'm on the hook to deliver.

If you develop web apps and have never heard of things like "SQL-injection" or "cross site scripting," do yourself a favor and go read this book before you create any more vulnerable web apps. :)

My eyes have been opened and I will be coding/configuring my apps differently in the future.

Thanks guys!
Ces commentaires ont-ils été utiles ?   Dites-le-nous

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Rechercher des articles similaires par rubrique


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?