Aucun appareil Kindle n'est requis. Téléchargez l'une des applis Kindle gratuites et commencez à lire les livres Kindle sur votre smartphone, tablette ou ordinateur.

  • Apple
  • Android
  • Windows Phone
  • Android

Pour obtenir l'appli gratuite, saisissez votre numéro de téléphone mobile.

Prix Kindle : EUR 21,99

Économisez
EUR 25,23 (53%)

TVA incluse

Ces promotions seront appliquées à cet article :

Certaines promotions sont cumulables avec d'autres offres promotionnelles, d'autres non. Pour en savoir plus, veuillez vous référer aux conditions générales de ces promotions.

Envoyer sur votre Kindle ou un autre appareil

Envoyer sur votre Kindle ou un autre appareil

The Tangled Web: A Guide to Securing Modern Web Applications par [Zalewski, Michal]
Publicité sur l'appli Kindle

The Tangled Web: A Guide to Securing Modern Web Applications 1 , Format Kindle


Voir les 2 formats et éditions Masquer les autres formats et éditions
Prix Amazon
Neuf à partir de Occasion à partir de
Format Kindle
"Veuillez réessayer"
EUR 21,99

Description du produit

Présentation de l'éditeur

"Thorough and comprehensive coverage from one of the foremost experts in browser security."

—Tavis Ormandy, Google Inc.


Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.


In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:


  • Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
  • Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
  • Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
  • Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
  • Embed or host user-supplied content without running into the trap of content sniffing

For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.


Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 1753 KB
  • Nombre de pages de l'édition imprimée : 320 pages
  • Utilisation simultanée de l'appareil : Illimité
  • Editeur : No Starch Press; Édition : 1 (19 novembre 2011)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B006FZ3UNI
  • Synthèse vocale : Activée
  • X-Ray :
  • Word Wise: Non activé
  • Composition améliorée: Non activé
  • Moyenne des commentaires client : Soyez la première personne à écrire un commentaire sur cet article
  • Classement des meilleures ventes d'Amazon: n°266.743 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)
  • Voulez-vous nous parler de prix plus bas?

click to open popover

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoile

Commentaires client les plus utiles sur Amazon.com (beta) (Peut contenir des commentaires issus du programme Early Reviewer Rewards)

Amazon.com: 4.0 étoiles sur 5 35 commentaires
5.0 étoiles sur 5 Mandatory reading for every web developer 9 juin 2012
Par Ilya Grigorik - Publié sur Amazon.com
Format: Broché Achat vérifié
"Gaining insights into the underlying mechanics of web applications is far more important that memorizing several thousand random and often unnecessary terms."

That one sentence sums up why "The Tangled Web" is, hands down, the best book on web and browser security. It is all too easy to criticize, lament, and create paranoid scenarios about the "unsound security foundations" of the web. Truth is, all of that criticism is true, and yet the web has proven to be an incredibly robust platform. In this book Michal Zalewski walks us through the history and the evolution of the architecture of the popular browsers, servers, protocols, and everything in between - as it relates security of modern web applications.

Instead of focusing on the usual security acronyms and "attack classes", this book will give you something much more powerful: a bottom up understanding of how a modern browser operates, why it does what it does, and what implications this has for designing more secure applications. This book should be mandatory reading for every web-developer. Highly recommend it.
1 internautes sur 2 ont trouvé ce commentaire utile 
1.0 étoiles sur 5 I don't understand what the hype around this book is about 7 mai 2017
Par Pen Name - Publié sur Amazon.com
Format: Broché Achat vérifié
I am a software engineer currently working on several web app projects. I have a moderate background in web app security and I bought this book in order to gain better insight on the subject.
This book is poorly structured. It seems like the author compiled his scribbles and notes into a book without considering how they would fit together. The content is superficial at best and lacks examples. Moreover, it seems like the author has used this book as a stage to talk negatively on internet Explorer (we get it, it's a bad browser). I tried to give this book multiple chances but had to stop reading it around page 150. It's simply a bad book.
I recommend to stay away from this book and consider other options (such as Web App Hacker Handbook) to anyone interested to learn web app security.
5.0 étoiles sur 5 Best applied tech book I've ever read 11 avril 2013
Par Maxim Kachurovskiy - Publié sur Amazon.com
Format: Broché Achat vérifié
This book is AWESOME. One should not be allowed to work on sensitive product without studying it.

Before I didn't even realized that e.g. when Flash makes cross domain requests it appends all ambient credentials - and there are so many insights like this in this book.

While reading I also found a bunch of critical vulnerabilities in the projects I know.
5.0 étoiles sur 5 Good guidance for developing secure web applications 4 juillet 2014
Par rpm507 - Publié sur Amazon.com
Format: Format Kindle Achat vérifié
Did you know that every web application should have a crossdomain.xml? Check the top level of most popular sites. That is just one of the tips available in the Security Engineering Cheat Sheets in this book. Some of the content is a little dated but the guidance is very applicable.
6 internautes sur 7 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Systematic coverage of browser security 1 décembre 2011
Par Marcin Antkiewicz - Publié sur Amazon.com
Format: Broché Achat vérifié
The book provides systematic coverage of browser security. The first 6 pages of chapter 1 provide brilliant insight into why formal security models, risk management and taxonomies fail to deliver promised security improvements to organizations that embrace them. I used to explain the same with a lot of hand weaving, Zalewski's approach and insight are far superior.

Make no mistake, the book is focused on the browser and related technologies rather than the theory of security. The same tremendous insight, that made me nod with appreciation and wish that I had the book 5 years ago while working on security policies, illuminates browser concepts like in-browser content separation, scripting, and much more.

I appreciate the authors treatment of each of the concepts in the context of the browser as a complex and still evolving technology, with it's own history, standards, market requirements and politics.
Ces commentaires ont-ils été utiles ? Dites-le-nous