Security for Web Developers EBook - PDF version

Security for Web Developers - ePub version

1. Introduction
2. Cross-site scripting
3. Cross-site request forgery (CSRF)
4. Clickjacking
5. Third-party assets security risks
6. HTTPS downgrade attacks
7. Where to go next

Web security is a vast and constantly evolving topic, just like web technologies themselves. Among your duties as a professional web developer, you must be aware of the dangers to which the applications you create may be exposed and apply appropriate solutions to protect them.

This book will drive you through a hands-on exploration of a few of the most
notorious threats that can affect web applications. Reading it you will learn:
- How Cross-Site Scripting (XSS) works and how you  prevent it
- The mechanics of Cross-Site Request Forgery (CSRF) attacks and how you can defend against them
- How to prevent Clickjacking attacks
- How to mitigate Third-Party assets security risks
- How attackers can downgrade HTTPS connections to unencrypted HTTP traffic