Web Application Attacks and Defences (Kindle Edition)

Nigel Chapman and Jenny Chapman

Published by MacAvon Media, 150 pages.

The Kindle edition of this book will be published in September 2012.

A short book offered at a low price as a Kindle edition in the Web Security Topics series, intended for Web developers. Provides a clear guide to injection attacks and cross-site scripting attacks, describing different kinds of attack, and explaining how to ensure that malicious data submitted to a Web application is either rejected or rendered harmless. Includes examples in JavaScript/Node.js, key points at the end of every section and a full glossary.

First published 2012-09-30

Please note that the number of pages is approximate pending publication, and refers to the paperback edition of the book, as Kindle editions are not paginated in the conventional way.

A full description of the contents will be available in September.

Written for professional and student Web developers, this little book provides a clear guide to different kinds of malicious attack on Web applications, and the ways in which the developer can defend their application against these attacks.

Web applications may use secure communication and implement a secure authentication scheme, but still be vulnerable to attacks by way of specially crafted data that may be sent by malefactors. This book explains how requests which may seem legitimate can be used as a vehicle for injection attacks which access private files, execute commands on the server, generate bulk email, and execute database queries. It also describes those attacks, usually called cross-site scripting attacks, which rely on deceiving the Web application into executing JavaScript which can obtain data or cookies from visitors to the site.

The defence against such attacks is to ensure that malicious data submitted to the Web application is either rejected or rendered harmless. This guide describes how this can be achieved.

Short working programs written in JavaScript/Node.js are provided throughout the book and via the companion site websecuritytopics.info.