Web Security
This course is focused on the security of dynamic, or data-driven, Web Applications. The book highlights common vulnerabilities, attack methods, and protection techniques. Learners will understand the fundamental problem inherent in web applications, with a focus on known weaknesses. The course also demonstrates how to discover and exploit security flaws, with the objective of securing a web application against possible attacks.
Learning Outcomes
The E-textbook
Target Audience
Although this book can be used by people with different backgrounds, it is intended for those with an IT background. A web development background can help you better understand Web App flaws and how attackers exploit them. This book can be used at any educational level, from technical high schools and community colleges to graduate students. Industry professionals can also use this book.
Edition
This is the first edition of the book, published on September 1, 2022.
Chapter Description
Chapter 1 - Web Application Fundamentals:
This chapter introduces the Worldwide Web and outlines important concepts related to web applications. Before getting into Web Security, the learner must have a solid understanding of the Web, as outlined in this chapter.
Chapter 2 - The Web Application Security Problem:
Due to the open nature of the Web, it is both a subject and an object of security breaches and attacks. This chapter outlines the inherent security problem of Web Applications. The chapter introduces Web Application security standards including the top 10 known security flaws and vulnerabilities as defined by OWASP.
Chapter 3 - Identification, Authentication, and Access Control:
Digital identity is the unique representation of a subject engaged in an online transaction. This chapter introduces digital identity along with its associated processes such as determining the validity of an identity claim (Authentication), and dictating who is authorized to access information resources (Access Control). This chapter explains security flaws associated with Identification, Authentication, and Access Control. Different attack vectors are presented, and prevention measures and techniques are outlined.
Chapter 4 - Cryptographic Failures:
Sensitive Data, whether at Rest or in Transit, must be protected. Cryptography is the process of protecting information by encrypting it, so that only those for whom the information is intended can read and process it. Applications should be designed to remain secure even if cryptographic controls fail; we can achieve this by applying Defence in Depth. This chapter explains the root cause of sensitive data exposure, namely Cryptographic Failures. Different attack vectors are presented, and prevention measures and techniques are outlined.
Chapter 5 - Injection:
Coming Soon.
Chapter 6 - Insecure Design:
Coming Soon.
Chapter 7 - Security Misconfiguration:
Coming Soon.
Chapter 8 - Vulnerable and Outdated Components:
Coming Soon.
Chapter 9 - Software and Data Integrity Failures:
Coming Soon.
Chapter 10 - Security Logging and Monitoring Failures:
Coming Soon.
Chapter 11 - Server-Side Request Forgery:
Coming Soon.
Legal
Some of the product names and company names used in this book have been used for identification purposes only and may be trademarks or registered trademarks of their respective organizations. The software tools and applications in this book are for instructional purposes only. They have been tested with care, but are not guaranteed for any particular intent beyond educational purposes. The author does not offer any warranties or representations, nor does he accept any liabilities with respect to the programs.
© 2022 Samer Aoudi