About the Book
The highly successful security book returns with a new edition, completely updated. Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.
Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition.
Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more.
Features a companion website hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks.
Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.
About the Authors
DAFYDD STUTTARD is an independent security consultant, author, and software developer specializing in penetration testing of web applications and compiled software. Under the alias PortSwigger, Dafydd created the popular Burp Suite of hacking tools.
MARCUS PINTO delivers security consultancy and training on web application attack and defense to leading global organizations in the financial, government, telecom, gaming, and retail sectors.
The authors cofounded MDSec, a consulting company that provides training in attack and defense-based security.