Security for Web Developers. Using JavaScript, HTML, and CSS John Paul Mueller

(ebook)

Security for Web Developers. Using JavaScript, HTML, and CSS John Paul Mueller - okladka książki

Autor:: John Paul Mueller
Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 384
Dostępne formaty:: ePub

Mobi

Ebook 152,15 zł najniższa cena z 30 dni

~~179,00 zł~~ (-15%)
152,15 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

152,15 zł najniższa cena z 30 dni

Przenieś na półkę

Do przechowalni

As a web developer, you may not want to spend time making your web app secure, but it definitely comes with the territory. This practical guide provides you with the latest information on how to thwart security threats at several levels, including new areas such as microservices. You’ll learn how to help protect your app no matter where it runs, from the latest smartphone to an older desktop, and everything in between.

Author John Paul Mueller delivers specific advice as well as several security programming examples for developers with a good knowledge of CSS3, HTML5, and JavaScript. In five separate sections, this book shows you how to protect against viruses, DDoS attacks, security breaches, and other nasty intrusions.

Create a security plan for your organization that takes the latest devices and user needs into account
Develop secure interfaces, and safely incorporate third-party code from libraries, APIs, and microservices
Use sandboxing techniques, in-house and third-party testing techniques, and learn to think like a hacker
Implement a maintenance cycle by determining when and how to update your application software
Learn techniques for efficiently tracking security threats as well as training requirements that your organization can use

Wybrane bestsellery

O autorze ebooka

John Paul Mueller jest wolnym strzelcem i redaktorem technicznym. Napisał 104 książki i ponad 600 artykułów o różnorodnej tematyce — od sieci po sztuczną inteligencję, od zarządzania bazami danych po inne obszary programowania. Jest konsultantem, przygotowuje różnego rodzaju egzaminy certyfikacyjne. Ma własną witrynę internetową pod adresem https://johnmuellerbooks.com

Ebooka "Security for Web Developers. Using JavaScript, HTML, and CSS" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Oceny i opinie klientów: Security for Web Developers. Using JavaScript, HTML, and CSS John Paul Mueller

(0)

Szczegóły ebooka

ISBN Ebooka:: 978-14-919-2870-7, 9781491928707
Data wydania ebooka :: 2015-11-10 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami [wyświetl email]@ebookpoint.pl.
Język publikacji:: 1
Rozmiar pliku ePub:: 5.2MB
Rozmiar pliku Mobi:: 13.6MB

Zgłoś erratę

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Webmasterstwo » JavaScript
Informatyka » Hacking » Inne
Informatyka » Hacking » Bezpieczeństwo WWW
Informatyka » Webmasterstwo » CSS
Informatyka » Webmasterstwo » HTML i XHTML
Informatyka » Programowanie » Java

Spis treści ebooka

Preface
- About This Book
- What You Need to Know
- Development Environment Considerations
- Icons Used in This Book
- Conventions Used in This Book
- Where to Get More Information
- Using Code Examples
- Safari Books Online
- How to Contact Us
- Acknowledgments
I. Developing a Security Plan
1. Defining the Application Environment
- Specifying Web Application Threats
- Understanding Software Security Assurance (SSA)
  - Considering the OSSAP
  - Defining SSA Requirements
  - Categorizing Data and Resources
  - Performing the Required Analysis
    - Logic
    - Data
    - Interface
    - Constraint
- Delving into Language-Specific Issues
  - Defining the Key HTML Issues
  - Defining the Key CSS Issues
  - Defining the Key JavaScript Issues
- Considering Endpoint Defense Essentials
  - Preventing Security Breaches
  - Detecting Security Breaches
  - Remediating Broken Software
- Dealing with Cloud Storage
- Using External Code and Resources
  - Defining the Use of Libraries
  - Defining the Use of APIs
  - Defining the Use of Microservices
  - Accessing External Data
- Allowing Access by Others
2. Embracing User Needs and Expectations
- Developing a User View of the Application
- Considering Bring Your Own Device (BYOD) Issues
  - Understanding Web-Based Application Security
  - Considering Native App Issues
  - Using Custom Browsers
  - Verifying Code Compatibility Issues
  - Handling Nearly Continuous Device Updates
- Devising Password Alternatives
  - Working with Passphrases
  - Using Biometric Solutions
  - Relying on Key Cards
  - Relying on USB Keys
  - Implementing a Token Strategy
- Focusing on User Expectations
  - Making the Application Easy to Use
  - Making the Application Fast
  - Creating a Reliable Environment
  - Keeping Security in Perspective
3. Getting Third-Party Assistance
- Discovering Third-Party Security Solutions
- Considering Cloud Security Solutions
  - Understanding Data Repositories
  - Dealing with File Sharing Issues
  - Considering Cloud Storage
- Choosing Between Product Types
  - Working with Libraries
  - Accessing APIs
  - Considering Microservices
II. Applying Successful Coding Practices
4. Developing Successful Interfaces
- Assessing the User Interface
  - Creating a Clear Interface
  - Making Interfaces Flexible
  - Providing User Aids
  - Defining the Accessibility Issues
- Providing Controlled Choices
- Choosing a User Interface Solution Level
  - Implementing Standard HTML Controls
  - Working with CSS Controls
  - Creating Controls Using JavaScript
    - Relying on client controls
    - Relying on server controls
- Validating the Input
  - Allowing Specific Input Only
  - Looking for Sneaky Inputs
  - Requesting New Input
  - Using Both Client-Side and Server-Side Validation
- Expecting the Unexpected
5. Building Reliable Code
- Differentiating Reliability and Security
  - Defining the Roles of Reliability and Security
  - Avoiding Security Holes in Reliable Code
  - Focusing on Application Functionality
- Developing Team Protocols
- Creating a Lessons Learned Feedback Loop
- Considering Issues of Packaged Solutions
  - Dealing with External Libraries
  - Dealing with External APIs
  - Working with Frameworks
  - Calling into Microservices
6. Incorporating Libraries
- Considering Library Uses
  - Enhancing CSS with Libraries
  - Interacting with HTML Using Libraries
  - Extending JavaScript with Libraries
- Differentiating Between Internally Stored and Externally Stored Libraries
- Defining the Security Threats Posed by Libraries
  - Enabling Strict Mode
  - Developing a Content Security Policy (CSP)
- Incorporating Libraries Safely
  - Researching the Library Fully
  - Defining the Precise Library Uses
  - Keeping Library Size Small and Content Focused
  - Performing the Required Testing
- Differentiating Between Libraries and Frameworks
7. Using APIs with Care
- Differentiating Between APIs and Libraries
  - Considering the Differences in Popularity
  - Defining the Differences in Usage
- Extending JavaScript Using APIs
  - Locating Appropriate APIs
  - Creating a Simple Example
- Defining the Security Threats Posed by APIs
  - Ruining Your Good Name with MailPoet
  - Developing a Picture of the Snappening
  - Losing Your Device with Find My iPhone
  - Leaking Your Most Important Information with Heartbleed
  - Suffering from Shellshock
- Accessing APIs Safely from JavaScript
  - Verifying API Security
  - Testing Inputs and Outputs
  - Keeping Data Localized and Secure
  - Coding Defensively
8. Considering the Use of Microservices
- Defining Microservices
  - Specifying Microservice Characteristics
  - Differentiating Microservices and Libraries
  - Differentiating Microservices and APIs
  - Considering Microservice Politics
- Making Microservice Calls Using JavaScript
  - Understanding the Role of REST in Communication
  - Transmitting Data Using JSON
  - Creating a Microservice Using Node.js and Seneca
- Defining the Security Threats Posed by Microservices
  - Lack of Consistency
  - Considering the Role of the Virtual Machine
  - Using JSON for Data Transfers
    - Considering the dangers of eval()
    - Defending against cross-site request forgery
  - Defining Transport Layer Security
- Creating Alternate Microservice Paths
III. Creating Useful and Efficient Testing Strategies
9. Thinking Like a Hacker
- Defining a Need for Web Security Scans
- Building a Testing System
  - Considering the Test System Uses
  - Getting the Required Training
  - Creating the Right Environment
  - Using Virtual Machines
  - Getting the Tools
  - Configuring the System
  - Restoring the System
- Defining the Most Common Breach Sources
  - Avoiding SQL Injection Attacks
  - Understanding Cross-Site Scripting
  - Tackling Denial-of-Service Issues
  - Nipping Predictable Resource Location
  - Overcoming Unintentional Information Disclosure
- Testing in a BYOD Environment
  - Configuring a Remote Access Zone
  - Checking for Cross-Application Hacks
  - Dealing with Really Ancient Equipment and Software
- Relying on User Testing
  - Letting the User Run Amok
  - Developing Reproducible Steps
  - Giving the User a Voice
- Using Outside Security Testers
  - Considering the Penetration Testing Company
  - Managing the Project
  - Covering the Essentials
  - Getting the Report
10. Creating an API Safety Zone
- Understanding the Concept of an API Safety Zone
- Defining the Need for an API Safety Zone
  - Ensuring Your API Works
  - Enabling Rapid Development
  - Certifying the Best Possible Integration
    - Sandboxing integration testing
    - Virtualizing integration testing
    - Mocking for integration testing
    - Integrating using API virtualization
  - Verifying the API Behaves Under Load
  - Keeping the API Safe from Hackers
- Developing with an API Sandbox
  - Using an Off-the-Shelf Solution
  - Using Other Vendors Sandboxes
- Considering Virtual Environments
  - Defining the Virtual Environment
  - Differentiating Virtual Environments and Sandboxing
  - Implementing Virtualization
  - Relying on Application Virtualization
11. Checking Libraries and APIs for Holes
- Creating a Testing Plan
  - Considering Goals and Objectives
    - Defining the goals
    - Testing performance
    - Testing usability
    - Testing platform type
    - Implementing testing principles
    - Understanding testing limitations
  - Testing Internal Libraries
  - Testing Internal APIs
  - Testing External Libraries
  - Testing External APIs
  - Extending Testing to Microservices
- Testing Libraries and APIs Individually
  - Creating a Test Harness for Libraries
  - Creating Testing Scripts for APIs
  - Extending Testing Strategies to Microservices
  - Developing Response Strategies
    - Relying on direct results
    - Relying on mocked results
- Performing Integration Testing
- Testing for Language-Specific Issues
  - Devising Tests for HTML Issues
  - Devising Tests for CSS Issues
  - Devising Tests for JavaScript Issues
12. Using Third-Party Testing
- Locating Third-Party Testing Services
  - Defining the Reasons for Hiring the Third Party
  - Considering the Range of Possible Testing Services
  - Ensuring the Third Party Is Legitimate
  - Interviewing the Third Party
  - Performing Tests on a Test Setup
- Creating a Testing Plan
  - Specifying the Third-Party Goals in Testing
  - Generating a Written Test Plan
  - Enumerating the Test Output and Reporting Requirements
  - Considering Test Requirements
- Implementing a Testing Plan
  - Determining Organizational Participation in Testing
  - Beginning the Testing Process
  - Performing Required Test Monitoring
  - Handling Unexpected Testing Issues
- Using the Resulting Reports
  - Discussing the Report Output with the Third Party
  - Presenting the Report to the Organization
  - Acting on Testing Recommendations
IV. Implementing a Maintenance Cycle
13. Clearly Defining Upgrade Cycles
- Developing a Detailed Upgrade Cycle Plan
  - Looking for Upgrades
  - Determining Upgrade Requirements
  - Defining Upgrade Criticality
  - Checking Upgrades for Issues
  - Creating Test Scenarios
  - Implementing the Changes
- Creating an Upgrade Testing Schedule
  - Performing the Required Pre-Testing
  - Performing the Required Integration Testing
- Moving an Upgrade to Production
14. Considering Update Options
- Differentiating Between Upgrades and Updates
- Determining When to Update
  - Working Through Library Updates
    - Dealing with third-party library updates
    - Developing in-house library updates
  - Working Through API and Microservice Updates
    - Dealing with third-party API and microservice updates
    - Developing in-house API and microservice updates
  - Accepting Automatic Updates
- Updating Language Suites
  - Creating a Supported Language List
  - Obtaining Reliable Language Specialists
  - Verifying the Language-Specific Prompts Work with the Application
  - Ensuring Data Appears in the Correct Format
  - Defining the Special Requirements for Language Support Testing
- Performing Emergency Updates
  - Avoiding Emergencies When Possible
  - Creating a Fast Response Team
  - Performing Simplified Testing
  - Creating a Permanent Update Schedule
- Creating an Update Testing Schedule
15. Considering the Need for Reports
- Using Reports to Make Changes
  - Avoiding Useless Reports
  - Timing Reports to Upgrades and Updates
  - Using Automatically Generated Reports
  - Using Custom Reports
    - Developing reports by hand
    - Developing reports from readily available data sources
  - Creating Consistent Reports
  - Using Reports to Perform Specific Application Tasks
- Creating Internal Reports
  - Determining Which Data Sources to Use
  - Specifying Report Uses
- Relying on Externally Generated Reports
  - Obtaining Completed Reports from Third Parties
  - Developing Reports from Raw Data
  - Keeping Internal Data Secure
- Providing for User Feedback
  - Obtaining User Feedback
  - Determining the Usability of User Feedback
V. Locating Security Resources
16. Tracking Current Security Threats
- Developing Sources for Security Threat Information
  - Reading Security-Related Articles by Experts
  - Checking Security Sites
  - Getting Input from Consultants
- Avoiding Information Overload
- Creating a Plan for Upgrades Based on Threats
  - Anticipating Situations that Require No Action at All
  - Deciding Between an Upgrade or an Update
  - Defining an Upgrade Plan
- Creating a Plan for Updates Based on Threats
  - Verifying Updates Address Threats
  - Determining Whether the Threat Is an Emergency
  - Defining an Update Plan
  - Asking for Updates from Third Parties
17. Getting Required Training
- Creating an In-House Security Training Plan
  - Defining Needed Training
  - Setting Reasonable Goals
  - Using In-House Trainers
  - Monitoring the Results
- Obtaining Third-Party Training for Developers
  - Specifying the Training Requirements
  - Hiring a Third-Party Trainer for Your Organization
  - Using Online Schools
  - Relying on Training Centers
  - Using Local Colleges and Universities
- Ensuring Users Are Security Aware
  - Making Security Training Specific
  - Combining Training with Written Guides
  - Creating and Using Alternative Security Reminders
  - Holding Training Effectiveness Checks
Index