چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Security for Web Developers - Using JavaScript, HTML, and CSS (Early Release, Raw & Unedited)

John Paul Mueller

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

نویسنده
John Paul Mueller
سال انتشار
۲۰۱۵
فرمت
PDF
زبان
انگلیسی
حجم فایل
۴٫۲ مگابایت

دربارهٔ کتاب

As a web developer, you may not want to spend time making your web app secure, but it definitely comes with the territory. This practical guide provides you with the latest information on how to thwart security threats at several levels, including new areas such as microservices. You’ll learn how to help protect your app no matter where it runs, from the latest smartphone to an older desktop, and everything in between.Author John Paul Mueller delivers specific advice as well as several security programming examples for developers with a good knowledge of CSS3, HTML5, and JavaScript. In five separate sections, this book shows you how to protect against viruses, DDoS attacks, security breaches, and other nasty intrusions.Create a security plan for your organization that takes the latest devices and user needs into accountDevelop secure interfaces, and safely incorporate third-party code from libraries, APIs, and microservicesUse sandboxing techniques, in-house and third-party testing techniques, and learn to think like a hackerImplement a maintenance cycle by determining when and how to update your application softwareLearn techniques for efficiently tracking security threats as well as training requirements that your organization can use\*\*About the AuthorJohn Paul Mueller is a technical editor and freelance author who has written on topics ranging from database management to heads-down programming, from networking to artificial intelligence. He is the author of Start Here!TM Learn Microsoft Visual C#® 2010. Cover 1 1. Defining the Application Environment 3 Specifying Web Application Threats 4 Understanding Software Security Assurance (SSA) 7 Considering the OSSAP 8 Defining SSA Requirements 10 Categorizing Data and Resources 10 Performing the Required Analysis 11 Logic 11 Data 12 Interface 12 Constraint 13 Delving into Language-specific Issues 13 Defining the Key HTML Issues 13 Defining the Key CSS Issues 14 Defining the Key JavaScript Issues 15 Considering Endpoint Defense Essentials 15 Preventing Security Breaches 16 Detecting Security Breaches 17 Remediating Broken Software 17 Dealing with Cloud Storage 18 Using External Code and Resources 19 Defining the Use of Libraries 20 Defining the Use of APIs 21 Defining the Use of Microservices 22 Accessing External Data 23 Allowing Access by Others 25 2. Embracing User Needs and Expectations 27 Developing a User View of the Application 27 Considering Bring Your Own Device (BYOD) Issues 28 Understanding Web-based Application Security 29 Considering Native App Issues 30 Using Custom Browsers 31 Verifying Code Compatibility Issues 32 Handling Nearly Continuous Device Updates 35 Devising Password Alternatives 36 Working with Passphrases 37 Using Biometric Solutions 38 Relying on Key Cards 39 Relying on USB Keys 40 Implementing a Token Strategy 41 Focusing On User Expectations 41 Making the Application Easy to Use 41 Making the Application Fast 42 Creating a Reliable Environment 42 Keeping Security in Perspective 43 3. Getting Third Party Assistance 44 Discovering Third Party Security Solutions 44 Considering Cloud Security Solutions 46 Understanding Data Repositories 47 Dealing with File Sharing Issues 49 Considering Cloud Storage 51 Choosing Between Product Types 52 Working with Libraries 53 Accessing APIs 53 Considering Microservices 55 4. Developing Successful Interfaces 58 Assessing the User Interface 59 Creating a Clear Interface 59 Making Interfaces Flexible 62 Providing User Helps 64 Defining the Accessibility Issues 65 Providing Controlled Choices 68 Choosing a User Interface Solution Level 71 Implementing Standard HTML Controls 71 Working with CSS Controls 71 Creating Controls Using JavaScript 73 Relying on Client Controls 73 Relying on Server Controls 74 Validating the Input 74 Allowing Specific Input Only 74 Looking for Sneaky Inputs 75 Requesting New Input 75 Using Both Client-side and Server-side Validation 76 Expecting the Unexpected 77 5. Building Reliable Code 78 Differentiating Reliability and Security 79 Defining the Roles of Reliability and Security 79 Avoiding Security Holes in Reliable Code 82 Focusing On Application Functionality 83 Developing Team Protocols 84 Creating a Lessons Learned Feedback Loop 86 Considering Issues of Packaged Solutions 88 Dealing with External Libraries 88 Dealing with External APIs 90 Working with Frameworks 92 Calling Into Microservices 94 6. Incorporating Libraries 96 Considering Library Uses 97 Enhancing CSS with Libraries 97 Interacting with HTML using Libraries 99 Extending JavaScript with Libraries 101 Differentiating Between Internally Stored and Externally Stored Libraries 103 Defining the Security Threats Posed by Libraries 104 Enabling Strict Mode 106 Developing a Content Security Policy (CSP) 108 Incorporating Libraries Safely 109 Researching the Library Fully 110 Defining the Precise Library Uses 110 Keeping Library Size Small and Content Focused 110 Performing the Required Testing 112 Differentiating Between Libraries and Frameworks 112 7. Using APIs with Care 116 Differentiating Between APIs and Libraries 117 Considering the Differences in Popularity 117 Defining the Differences in Usage 118 Extending JavaScript Using APIs 119 Locating Appropriate APIs 119 Creating a Simple Example 120 Defining the Security Threats Posed by APIs 124 Ruining Your Good Name with MailPoet 125 Developing a Picture of the Snappening 125 Losing Your Device with Find My iPhone 125 Leaking Your Most Important Information with Heartbleed 126 Suffering from Shellshock 126 Accessing APIs Safely from JavaScript 127 Verifying API Security 127 Testing Inputs and Outputs 127 Keeping Data Localized and Secure 128 Coding Defensively 128 8. Considering the Use of Microservices 129 Defining Microservices 130 Specifying Microservice Characteristics 130 Differentiating Microservices and Libraries 131 Differentiating Microservices and APIs 131 Considering Microservice Politics 132 Making Microservice Calls Using JavaScript 133 Understanding the Role of REST in Communication 134 Transmitting Data Using JSON 134 Creating a Microservice Using Node.js and Seneca 135 Defining the Security Threats Posed by Microservices 138 Lack of Consistency 138 Considering the Role of the Virtual Machine 138 Using JSON for Data Transfers 139 Considering the Dangers of eval() 139 Defending Against Cross-site Request Forgery 140 Defining Transport Layer Security 140 Creating Alternate Microservice Paths 141 9. Thinking Like a Hacker 143 Defining a Need for Web Security Scans 143 Building a Testing System 148 Considering the Test System Uses 148 Getting the Required Training 148 Creating the Right Environment 149 Using Virtual Machines 150 Getting the Tools 150 Configuring the System 151 Restoring the System 151 Defining the Most Common Breach Sources 152 Avoiding SQL Injection Attacks 152 Understanding Cross-Site Scripting 153 Tackling Denial of Service Issues 154 Nipping Predictable Resource Location 155 Overcoming Unintentional Information Disclosure 155 Testing in a BYOD Environment 156 Configuring a Remote Access Zone 157 Checking for Cross Application Hacks 158 Dealing with Really Ancient Equipment and Software 158 Relying on User Testing 159 Letting the User Run Amok 160 Developing Reproducible Steps 160 Giving the User a Voice 161 Using Outside Security Testers 161 Considering the Penetration Testing Company 162 Managing the Project 162 Covering the Essentials 163 Getting the Report 163 As a web developer, you may not want to spend time making your web app secure, but it definitely comes with the territory. This practical guide provides you with the latest information on how to thwart security threats at several levels, including new areas such as microservices. You ll learn how to help protect your app no matter where it runs, from the latest smartphone to an older desktop, and everything in between. Author John Paul Mueller delivers specific advice as well as several security programming examples for developers with a good knowledge of CSS3, HTML5, and JavaScript. In five separate sections, this book shows you how to protect against viruses, DDoS attacks, security breaches, and other nasty intrusions.Create a security plan for your organization that takes the latest devices and user needs into accountDevelop secure interfaces, and safely incorporate third-party code from libraries, APIs, and microservicesUse sandboxing techniques, in-house and third-party testing techniques, and learn to think like a hackerImplement a maintenance cycle by determining when and how to update your application softwareLearn techniques for efficiently tracking security threats as well as training requirements that your organization can use" Some books give you good advice, but only about part of the security problem. Others provide solutions so generic that they aren’t truly useful. Unfortunately, attacking only part of the problem leaves you open to hacking or other security issues. And general advice no longer meets current security needs. This practical book provides specific advice for the HTML5, JavaScript, and CSS developer on all areas of security, including new areas not found in any other book, such as microservices. You'll get a complete view of security changes needed to protect an application and keep its data safe. Understand the real sources of threats to web applications Learn how to use new technologies such as microservices in a safe manner Get information-rich information on third party APIs, libraries, microservices, and other sources of code that you rely on Find solutions that help make the problems smaller, more manageable, and fixable at specific stages of application development Annotation Some books give you good advice, but only about part of the security problem. Others provide solutions so generic that they aren't truly useful. Unfortunately, attacking only part of the problem leaves you open to hacking or other security issues. And general advice no longer meets current security needs. This practical book provides specific advice for the HTML5, JavaScript, and CSS developer on all areas of security, including new areas not found in any other book, such as microservices. You'll get a complete view of security changes needed to protect an application and keep its data safe "As a web developer, you may not want to spend time making your web app secure, but it definitely comes with the territory. This practical guide provides you with the latest information on how to thwart security threats at several levels, including new areas such as microservices."--Page 4 of cover

قیمت نهایی

۴۴٬۰۰۰ تومان