图书标签: Web 安全 计算机 security 网络安全 Programming Security 黑客
发表于2024-11-05
The Tangled Web pdf epub mobi txt 电子书 下载 2024
"Thorough and comprehensive coverage from one of the foremost experts in browser security." -Tavis Ormandy, Google Inc. Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to: * Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization * Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing * Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs * Build mashups and embed gadgets without getting stung by the tricky frame navigation policy * Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.
Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.
真不错, 很详细, 实例也不少. 对Web安全有兴趣的同学不得不读. 里面有些hack太漂亮了.
评分真不错, 很详细, 实例也不少. 对Web安全有兴趣的同学不得不读. 里面有些hack太漂亮了.
评分荣幸在职业生涯初期与Michal和Filipe一起工作。一个是作者,一个是作者致谢的第一个人。信息安全的世界,我可能还要探索很久。
评分荣幸在职业生涯初期与Michal和Filipe一起工作。一个是作者,一个是作者致谢的第一个人。信息安全的世界,我可能还要探索很久。
评分真不错, 很详细, 实例也不少. 对Web安全有兴趣的同学不得不读. 里面有些hack太漂亮了.
唉,无错不成书!道理我也知道,何况自己的水平摆在那里,不错也不可能!不过看到出错总是不甘心啊不甘心。所以只能事后修补了,在这里建个纠错表吧,大家有发现什么问题都可以告诉我,以后要是重印希望可以改正啦。 但素(这里必须有个但素),千万表被这篇纠错表的长度吓倒,...
评分《web之困:现代web应用安全指南》在web安全领域有“圣经”的美誉,在世界范围内被安全工作者和web从业人员广为称道,由来自google chrome浏览器团队的世界顶级黑客、国际一流安全专家撰写,是目前唯一深度探索现代web浏览器安全技术的专著。本书从浏览器设计的角度切入,以探...
评分《web之困:现代web应用安全指南》在web安全领域有“圣经”的美誉,在世界范围内被安全工作者和web从业人员广为称道,由来自google chrome浏览器团队的世界顶级黑客、国际一流安全专家撰写,是目前唯一深度探索现代web浏览器安全技术的专著。本书从浏览器设计的角度切入,以探...
评分《web之困:现代web应用安全指南》在web安全领域有“圣经”的美誉,在世界范围内被安全工作者和web从业人员广为称道,由来自google chrome浏览器团队的世界顶级黑客、国际一流安全专家撰写,是目前唯一深度探索现代web浏览器安全技术的专著。本书从浏览器设计的角度切入,以探...
评分《web之困:现代web应用安全指南》在web安全领域有“圣经”的美誉,在世界范围内被安全工作者和web从业人员广为称道,由来自google chrome浏览器团队的世界顶级黑客、国际一流安全专家撰写,是目前唯一深度探索现代web浏览器安全技术的专著。本书从浏览器设计的角度切入,以探...
The Tangled Web pdf epub mobi txt 电子书 下载 2024