uGBOO | Feeding you the latest news, press releases and articles!

php|architect’s Guide to PHP Security (PHP Architect Nanobooks)


With the number of security flaws and exploits discovered and released every day constantly on the rise, knowing how to write secure and reliable applications is becoming more important every day. Written by Ilia Alshanetsky, one of the foremost experts on PHP security in the world, php|architect’s Guide to PHP Security focuses on providing you with all the tools and knowledge you need both to secure your existing applications and to write new systems with security in mind. This book gives you a step-by-step guide to each security-related topic, providing you with real-world examples of proper coding practices and their implementation in PHP in an accurate, concise and complete way.

  • Provides techniques applicable to any version of PHP, including 4.x and 5.x
  • Includes a step-by-step guide to securing your applications
  • Includes comprehensive coverage of security design
  • Teaches you how to defend yourself from hackers
  • Shows you how to distract hackers with a “tar pit” to help you fend off potential attacks

Web Application Security: Iberic Web Application Security Conference, IBWAS 2009, Madrid, Spain, December 10-11, 2009. Revised Selected Papers (Communications in Computer and Information Science)


IBWAS 2009, the Iberic Conference on Web Applications Security, was the first international conference organized by both the OWASP Portuguese and Spanish chapters in order to join the international Web application security academic and industry communities to present and discuss the major aspects of Web application security. There is currently a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of Web-based applications and Web services as a way to develop new and flexible information systems. Such systems are easy to develop, deploy and maintain and they demonstrate impressive features for users, resulting in their current wide use. The “social” features of these technologies create the necessary “massification” effects that make millions of users share their own personal information and content over large Web-based interactive platforms. Corporations, businesses and governments all over the world are also developing and deploying more and more applications to interact with their businesses, customers, suppliers and citizens to enable stronger and tighter relations with all of them. Moreover, legacy non-Web systems are being ported to this new intrinsically connected environment. IBWAS 2009 brought together application security experts, researchers, educators and practitioners from industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track, academic researchers were able to combine interesting results with the experience of practitioners and software engineers.

Security Principles for PHP Applications: A php[architect] guide


Security is an ongoing process, not something to add right before your app launches. In this book, you’ll learn how to write secure PHP applications from first principles. Why wait until your site is attacked or your data is breached? Prevent your exposure by being aware of the ways a malicious user might hijack your web site or API.

Security Principles for PHP Applications is a comprehensive guide. This book contains examples of vulnerable code side-by-side with solutions to harden it. Organized around the 2017 OWASP Top Ten list, topics covered include:

  • Injection Attacks
  • Authentication and Session Management
  • Sensitive Data Exposure
  • Access Control and Password Handling
  • PHP Security Settings
  • Cross-Site Scripting
  • Logging and Monitoring
  • API Protection
  • Cross-Site Request Forgery
  • …and more.

    Written by PHP professional Eric Mann, this book builds on his experience in building secure web applications with PHP.

    Practical Web Application Penetration Testing: WhiteHat and BlackHat testing of web security applications with Metasploit, Burp Collaborator, and other tools


    Learn how to conduct a full web penetration security assessment using whatever tools are best for each assessment stage

    Key Features

    • Building on beginner’s books and courses in pen testing
    • Covering both BlackHat and WhiteHat perspectives
    • Knowing which tool to deploy for each application and situation

    Book Description

    Testing web applications for performance is common; testing them for security is, however, difficult, mostly due to the ever-changing threat landscape. There are many web application tools providing what looks like a complete survey of and defense against possible threats, which need to be analysed according to the needs and security implications of each website and web service. Practical Web Application Penetration Testing provides a clear framework for thinking about web application security, while not forgetting about the tools and frameworks on offer for intermediate and advanced application security professionals.

    Adrian Pruteanu begins with the means by which security threats and ongoing attacks can be discovered. Security tools can manage this task, but logs and general network behavior can also indicate problems. He then classifies and describes the range of attacks and defenses a web security professional is likely to encounter. Adrian follows up with five consecutive chapters helping the reader along a curve of increasing difficulty. He starts with the ways in which file systems can be broken into and manipulated, continues with attacks via the privilege system, and outlines the toolkits and insights behind brute-force attacks.

    The last five chapters of the book assume a change of perspective: Adrian analyzes the ways in which an attacker works, which attack vectors are likely to be explored, and how an attack on a web application might be conducted. The chapter on Burp Collaborator starts the process, since it helps to find web application vulnerabilities. The chapters on WordPress and mobile applications analyze two extremely common attack surfaces, while the final two chapters deal with different ways to trigger remote code execution.

    What you will learn

    • Study the mindset of a BlackHat attacker
    • Adopt the mindset of a WhiteHat defender
    • Classify and plan for standard web application security threats
    • Be aware and know how to combat standard systems security problems
    • Know how to defend WordPress and mobile applications
    • Use security tools and plan for defense against remote execution

    Who This Book Is For

    The reader should have basic security experience, for example from running a network or encountering security issues during application development. Formal education in security is useful, but not required. This title should be suitable for people with 2+ years’ experience in development, network management or DevOps, with an established interest in security.

    Web Application Attacks and Defences (Web Security Topics)


    Web 2.0 Security – Defending AJAX, RIA, AND SOA


    Service-Oriented Architecture (SOA), Rich Internet Applications (RIA), and Asynchronous JavaScript and XML (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the field of Web application security. Yamanner-, Samy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you’re a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data.

    OAuth 2.0 Cookbook: Protect your web applications using Spring Security


    Key Features

    • Interact with public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google.
    • Use Spring Security and Spring Security OAuth2 to implement your own OAuth 2.0 provider
    • Learn how to implement OAuth 2.0 native mobile clients for Android applications

    Book Description

    OAuth 2.0 is a standard protocol for authorization that focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book provides useful recipes for solving real-life problems using Spring Security and for creating Android applications.

    The book starts by showing you how to interact with some public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. You will then implement your own OAuth 2.0 provider with Spring Security OAuth2. Next, the book covers practical scenarios around some important OAuth 2.0 profiles, such as Dynamic Client Registration, Token Introspection and how to revoke issued access tokens. You will then be introduced to the usage of JWT and OpenID Connect, and to how to safely implement native mobile OAuth 2.0 clients.

    By the end of this book, you will be able to ensure that both the server and client are protected against common vulnerabilities.

    What you will learn

    • Use Redis and relational databases to store issued access tokens and refresh tokens
    • Access resources protected by the OAuth2 Provider using Spring Security
    • Implement a web application that dynamically registers itself to the Authorization Server
    • Improve the safety of your mobile client using dynamic client registration
    • Protect your Android client with Proof Key for Code Exchange
    • Protect the Authorization Server from invalid redirection
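The last two items, PKCE and redirect validation, are the checks practitioners most often get wrong, so here is an added example in Python (not code from the OAuth 2.0 Cookbook, and not Spring Security OAuth2’s implementation) of a toy authorization server that enforces both: S256 code challenges per RFC 7636, exact-match redirect URIs, and single-use authorization codes. The AuthorizationServer class, the client id mobile-app and the loopback redirect URI are hypothetical; the redirect-URI registration policy is an assumption, and loopback port variation for native apps (RFC 8252) is left out.

```python
# Added example (not from the book or Spring Security OAuth2): a toy authorization
# server enforcing PKCE (RFC 7636, S256) and exact redirect_uri matching.
# Class, function and client names are hypothetical.
import base64
import hashlib
import secrets
from urllib.parse import urlsplit


def _b64url(data: bytes) -> str:
    # base64url without '=' padding, as RFC 7636 Appendix A specifies
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    # 32 random bytes encode to 43 unreserved characters, the RFC 7636 minimum
    return _b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    # S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def redirect_uri_acceptable(uri: str) -> bool:
    # Registration-time policy (assumption): https, or http to the loopback address
    # for native clients; no fragment and no wildcard. Loopback port variation
    # (RFC 8252) is not handled here.
    p = urlsplit(uri)
    if p.fragment or "*" in uri or not p.hostname:
        return False
    if p.scheme == "https":
        return True
    return p.scheme == "http" and p.hostname in ("127.0.0.1", "localhost", "::1")


class AuthorizationServer:
    def __init__(self):
        self.clients = {}  # client_id -> set of registered redirect URIs
        self.codes = {}    # authorization code -> pending grant

    def register_client(self, client_id: str, redirect_uris):
        bad = [u for u in redirect_uris if not redirect_uri_acceptable(u)]
        if bad:
            raise ValueError(f"rejected redirect_uri(s): {bad}")
        self.clients[client_id] = set(redirect_uris)

    def authorize(self, client_id, redirect_uri, code_challenge, method):
        # Exact string comparison against the registered values. Prefix or substring
        # matching would let ".../cb/../attacker" or a lookalike host receive the code.
        if redirect_uri not in self.clients.get(client_id, ()):
            return None
        # Policy assumption: "plain" is refused, and a challenge must be exactly the
        # 43 characters a base64url-encoded SHA-256 digest produces.
        if method != "S256" or len(code_challenge) != 43:
            return None
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "challenge": code_challenge}
        return code

    def token(self, client_id, code, redirect_uri, code_verifier):
        # A code is consumed on first presentation, even a failed one, so an
        # intercepted code can neither be replayed nor used to probe verifiers.
        grant = self.codes.pop(code, None)
        if grant is None or grant["client_id"] != client_id:
            return None
        if grant["redirect_uri"] != redirect_uri:
            return None  # must repeat exactly the value used at /authorize
        if not 43 <= len(code_verifier) <= 128:
            return None
        if not secrets.compare_digest(make_code_challenge(code_verifier), grant["challenge"]):
            return None  # whoever stole the code does not hold the verifier
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def demo() -> dict:
    """Run the flow once and report which protections fired (all should be True)."""
    srv = AuthorizationServer()
    cb = "http://127.0.0.1/cb"
    srv.register_client("mobile-app", [cb])
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    out = {}
    out["unregistered_redirect_refused"] = srv.authorize("mobile-app", cb + "/../x", challenge, "S256") is None
    out["plain_method_refused"] = srv.authorize("mobile-app", cb, verifier, "plain") is None
    code = srv.authorize("mobile-app", cb, challenge, "S256")
    out["wrong_verifier_refused"] = srv.token("mobile-app", code, cb, make_code_verifier()) is None
    code = srv.authorize("mobile-app", cb, challenge, "S256")
    tok = srv.token("mobile-app", code, cb, verifier)
    out["legitimate_exchange_succeeds"] = tok is not None and tok["token_type"] == "Bearer"
    out["replayed_code_refused"] = srv.token("mobile-app", code, cb, verifier) is None
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The verifier never leaves the client, so an authorization code captured from a custom URL scheme or a malicious redirect target is worthless without it; refusing the plain method and consuming the code on the first presentation close the two shortcuts attackers rely on.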

    About the Author

    Adolfo Eloy Nascimento is a software engineer at Elo7. He has a Bachelor’s degree in Computer Science and has been working in software development since 1999. Around 2003 he started working in web development, implementing applications using ASP, PHP4/5, JavaScript, and Java (sometimes he still does some maintenance on a Ruby on Rails application). He started using OAuth 2.0 two years ago, when designing applications using microservice architectures, as well as modeling and interacting with public APIs.

    As a tech enthusiast, Adolfo also likes to read and learn about programming languages and new technologies. He also believes that besides creating new applications, it is also important to share the knowledge he has acquired, which is what he does by writing for his personal blog, writing articles for Java Magazine in Brazil, and also writing tech books.

    Table of Contents

    1. OAuth 2.0 foundations
    2. Implementing Your Own OAuth 2.0 Provider
    3. Using an API protected with OAuth 2.0
    4. Working with OAuth 2.0 profiles
    5. Self contained tokens with JWT
    6. OpenID Connect for authentication
    7. Implementing Mobile Clients
    8. Avoiding common vulnerabilities

    Security and Privacy in Cyber-Physical Systems: Foundations, Principles, and Applications (Wiley – IEEE)


    Written by a team of experts at the forefront of the cyber-physical systems (CPS) revolution, this book provides an in-depth look at security and privacy, two of the most critical challenges facing both the CPS research and development community and ICT professionals. It explores, in depth, the key technical, social, and legal issues at stake, and it provides readers with the information they need to advance research and development in this exciting area.  

    Cyber-physical systems (CPS) are engineered systems that are built from, and depend upon the seamless integration of computational algorithms and physical components. Advances in CPS will enable capability, adaptability, scalability, resiliency, safety, security, and usability far in excess of what today’s simple embedded systems can provide. Just as the Internet revolutionized the way we interact with information, CPS technology has already begun to transform the way people interact with engineered systems. In the years ahead, smart CPS will drive innovation and competition across industry sectors, from agriculture, energy, and transportation, to architecture, healthcare, and manufacturing.  A priceless source of practical information and inspiration, Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications is certain to have a profound impact on ongoing R&D and education at the confluence of security, privacy, and CPS. 

    Web Application Security the Fast Guide


    A book authored by Dr. Sami Khiami that discusses the concept of web application security and explains the attack process, attack types and the methodologies used to achieve an acceptable level of application security.

    Web Application Security: Second Edition


    A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Web Application Security models, tools and techniques are necessary? What prevents me from making the changes I know will make me a more effective Web Application Security leader? Among the Web Application Security product and service cost to be estimated, which is considered hardest to estimate? How will you measure your Web Application Security effectiveness? What sources do you use to gather information for a Web Application Security study?

    This breakthrough Web Application Security self-assessment will make you the credible Web Application Security domain auditor by revealing just what you need to know to be fluent and ready for any Web Application Security challenge.

    How do I reduce the effort in the Web Application Security work to be done to get problems solved? How can I ensure that plans of action include every Web Application Security task and that every Web Application Security outcome is in place? How will I save time investigating strategic and tactical options and ensuring Web Application Security opportunity costs are low? How can I deliver tailored Web Application Security advice instantly with structured going-forward plans?

    There’s no better guide through these mind-expanding questions than acclaimed best-selling author Gerard Blokdyk. Blokdyk ensures all Web Application Security essentials are covered, from every angle: the Web Application Security self-assessment shows succinctly and clearly what needs to be clarified to organize the business/project activities and processes so that Web Application Security outcomes are achieved.

    Contains extensive criteria grounded in past and current successful projects and activities by experienced Web Application Security practitioners. Their mastery, combined with the uncommon elegance of the self-assessment, provides its superior value to you in knowing how to ensure the outcome of any efforts in Web Application Security are maximized with professional results.

    Your purchase includes access details to the Web Application Security self-assessment dashboard download which gives you your dynamically prioritized projects-ready tool and shows your organization exactly what to do next. Your exclusive instant access details can be found in your book.

    Java EE 8 Application Development: Develop Enterprise applications using the latest versions of CDI, JAX-RS, JSON-B, JPA, Security, and more


    Develop Enterprise Java applications compliant with the latest version of the Java EE specification

    Key Features

    • This book covers all of the major Java EE 8 APIs and includes new additions such as enhanced Security, JSON-B Processing, and more
    • Learn additional Java EE APIs, such as the Java API for WebSocket and the Java Message Service (JMS)
    • Develop applications by taking advantage of the latest versions of CDI, Security, Servlets, and JSF and other Java EE specifications

    Book Description

    Java EE is an Enterprise Java standard. Applications written to comply with the Java EE specification do not tie developers to a specific vendor; instead they can be deployed to any Java EE compliant application server. With this book, you’ll get all the tools and techniques you need to build robust and scalable applications in Java EE 8. This book covers all the major Java EE 8 APIs including JSF 2.3, Enterprise JavaBeans (EJB) 3.2, Contexts and Dependency Injection (CDI) 2.0, the Java API for WebSockets, JAX-RS 2.1, Servlet 4.0, and more.

    The book begins by introducing you to Java EE 8 application development and goes on to cover all the major Java EE 8 APIs. It goes beyond the basics to develop Java EE applications that can be deployed to any Java EE 8 compliant application server.

    It also introduces JSON-P and JSON-B, the Java APIs for JSON processing and JSON binding, and goes into depth on how JSON-P’s two APIs (the Object Model API and the Streaming API) are used to process JSON data.

    Moving on, we cover additional Java EE APIs, such as the Java API for WebSocket and the Java Message Service (JMS), which allows loosely coupled, asynchronous communication. Further on, you’ll discover ways to secure Java EE applications by taking advantage of the new Java EE Security API.

    Finally, you’ll learn more about the RESTful web service development using the latest JAX-RS 2.1 specification. You’ll also get to know techniques to develop cloud-ready microservices in Java EE.

    What you will learn

    • Develop and deploy Java EE applications
    • Embrace the latest additions to the Contexts and Dependency Injection (CDI) specification to develop Java EE applications
    • Develop web-based applications by utilizing the latest version of JavaServer Faces, JSF 2.3.
    • Understand the steps needed to process JSON data with JSON-P and the new JSON-B Java EE API
    • Implement RESTful web services using the new JAX-RS 2.1 API, which also includes support for Server-Sent Events (SSE) and the new reactive client API

    Who This Book Is For

    If you are a Java developer who wants to become proficient with Java EE 8, this book is ideal for you. You are expected to have some experience with Java and to have developed and deployed applications in the past, but you don’t need any previous knowledge of Java EE.

    Table of Contents

    1. Introduction to Java EE
    2. JavaServer Faces
    3. Object Relational Mapping with JPA
    4. Enterprise JavaBeans
    5. Contexts and Dependency Injection
    6. JSON Processing with JSON-B and JSON-P
    7. Websockets
    8. The Java Message Service
    9. Securing Java EE Applications
    10. RESTful Web Services with JAX-RS
    11. MicroServices Development with Java EE
    12. SOAP web services with JAX-WS
    13. Servlet development and deployment
    14. Appendix

    How to Break Web Software: Functional and Security Testing of Web Applications and Web Services


    Rigorously test and improve the security of all your Web software!

    It’s as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you’re vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software.

    In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes

    • Client vulnerabilities, including attacks on client-side validation
    • State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking
    • Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal
    • Language- and technology-based attacks: buffer overflows, canonicalization, and NULL string attacks
    • Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting
    • Cryptography, privacy, and attacks on Web services

    Your Web software is mission-critical–it can’t be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.
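As an added example, not from How to Break Web Software, here is one way to test the directory traversal, canonicalization and NULL string cases named in the coverage list above, in Python: a request-path mapper that decodes exactly once, refuses NUL bytes, normalizes the path and then checks containment under the document root. WEB_ROOT, the function names and the sample request lines are constructed for this example; the same mapper is the check you would put in front of any file-serving handler.

```python
# Added example (not from the book): map a request path onto a file under a
# document root while refusing traversal, double-encoding and NUL-byte tricks.
# WEB_ROOT and the sample requests are constructed for this example.
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"


def map_url_to_file(url_path: str, web_root: str = WEB_ROOT):
    """Return (absolute_file_path, None) or (None, rejection_reason)."""
    decoded = unquote(url_path)          # decode exactly once
    if "%" in decoded:
        # "%252e%252e" survives one decode as "%2e%2e"; a second decode downstream
        # would turn it into "..". Refusing any leftover '%' is deliberately strict.
        return None, "double-encoding"
    if "\x00" in decoded:
        # "shell.php%00.jpg": a C-backed file API stops at the NUL and opens shell.php
        return None, "null-byte"
    decoded = decoded.replace("\\", "/")  # backslash is a separator on Windows
    rel = decoded.lstrip("/")             # request paths are always root-relative
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, rel))
    # normpath collapses "." and ".." lexically; the containment test then catches
    # anything that climbed out. (os.path.realpath would also resolve symlinks.)
    if candidate != root and not candidate.startswith(root + "/"):
        return None, "traversal"
    return candidate, None


# Constructed sample requests: the first is benign, the rest are attack patterns.
SAMPLE_REQUESTS = [
    "/docs/./guide/../index.html",
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/%252e%252e/etc/passwd",
    "/images/..%5c..%5c..%5cwindows/win.ini",
    "/uploads/shell.php%00.jpg",
]


def classify_samples(requests=SAMPLE_REQUESTS) -> dict:
    """Map each request to the file served or the reason it was refused."""
    out = {}
    for r in requests:
        path, reason = map_url_to_file(r)
        out[r] = path if reason is None else "REFUSED:" + reason
    return out


if __name__ == "__main__":
    for req, result in classify_samples().items():
        print(f"{req:45} -> {result}")
```

The order of the steps is the point: decode, then reject what must not survive decoding, then normalize, then compare against the root. Comparing before normalizing, or decoding twice, is how the classic bypasses get through.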

    Spring Security – Third Edition: Secure your web applications, RESTful services, and microservice architectures


    Learn how to secure your Java applications from hackers using Spring Security 4.2

    About This Book

    • Architect solutions that leverage the full power of Spring Security while remaining loosely coupled.
    • Implement various scenarios such as supporting existing user stores, user sign-up, authentication, and supporting AJAX requests.
    • Integrate with popular microservice and cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques including OAuth, JSON Web Tokens (JWT), hashing, and encryption algorithms

    Who This Book Is For

    This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.

    What You Will Learn

    • Understand common security vulnerabilities and how to resolve them
    • Learn to perform initial penetration testing to uncover common security vulnerabilities
    • Implement authentication and authorization
    • Learn to utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, CAS, OpenID, and OAuth
    • Integrate with popular frameworks such as Spring, Spring Boot, Spring Data, JSF, Vaadin, jQuery, and AngularJS
    • Gain deep understanding of the security challenges with RESTful webservices and microservice architectures
    • Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML

    In Detail

    Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework.

    The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. It shows how Spring Security defends against session fixation, moves on to concurrency control, and explains how you can use session management for administrative functions.

    It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.

    Style and approach

    This practical step-by-step tutorial has plenty of example code coupled with the necessary screenshots and clear narration so that grasping content is made easier and quicker.

    Web Application Handbook: Discovering & Exploiting Security (1) (Volume 1)


    Wireless Application Protocol is a technical standard for accessing information over a mobile wireless network. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol.

    Web application security scanner: Questions


    How do we ensure that implementations of Web application security scanner products are done in a way that ensures safety? Can Management personnel recognize the monetary benefit of Web application security scanner? How do you assess your Web application security scanner workforce capability and capacity needs, including skills, competencies, and staffing levels? How likely is the current Web application security scanner plan to come in on schedule or on budget? What are your current levels and trends in key Web application security scanner measures or indicators of product and process performance that are important to and directly serve your customers?

    Defining, designing, creating, and implementing a process to solve a business challenge or meet a business objective is the most valuable role… In EVERY company, organization and department.

    Unless you are talking about a one-time, single-use project within a business, there should be a process. Whether that process is managed and implemented by humans, AI, or a combination of the two, it needs to be designed by someone with a complex enough perspective to ask the right questions. Someone capable of asking the right questions, stepping back and saying, ‘What are we really trying to accomplish here? And is there a different way to look at it?’

    This Self-Assessment empowers people to do just that – whether their title is entrepreneur, manager, consultant, (Vice-)President, CxO etc… – they are the people who rule the future. They are the people who ask the right questions to make Web application security scanner investments work better.

    This Web application security scanner All-Inclusive Self-Assessment enables You to be that person.

    All the tools you need for an in-depth Web application security scanner Self-Assessment. Featuring 698 new and updated case-based questions, organized into seven core areas of process design, this Self-Assessment will help you identify areas in which Web application security scanner improvements can be made.

    In using the questions you will be better able to:

    – diagnose Web application security scanner projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and practices

    – implement evidence-based best practice strategies aligned with overall goals

    – integrate recent advances in Web application security scanner and process design strategies into practice according to best practice guidelines

    Using a Self-Assessment tool known as the Web application security scanner Scorecard, you will develop a clear picture of which Web application security scanner areas need attention.

    Your purchase includes access details to the Web application security scanner self-assessment dashboard download which gives you your dynamically prioritized projects-ready tool and shows your organization exactly what to do next. Your exclusive instant access details can be found in your book.

    Web Application Security: Implement, Administer, Manage


    Are there Web Application Security problems defined? What tools and technologies are needed for a custom Web Application Security project? What’s the best design framework for a Web Application Security organization now that, in a post-industrial age, the top-down, command-and-control model is no longer relevant? Who is the Web Application Security process owner? What should the next improvement project be that is related to Web Application Security?

    This instant Web Application Security self-assessment will make you the established Web Application Security domain leader by revealing just what you need to know to be fluent and ready for any Web Application Security challenge.

    How do I reduce the effort in the Web Application Security work to be done to get problems solved? How can I ensure that plans of action include every Web Application Security task and that every Web Application Security outcome is in place? How will I save time investigating strategic and tactical options and ensuring Web Application Security opportunity costs are low? How can I deliver tailored Web Application Security advice instantly with structured going-forward plans?

    There’s no better guide through these mind-expanding questions than acclaimed best-selling author Gerard Blokdyk. Blokdyk ensures all Web Application Security essentials are covered, from every angle: the Web Application Security self-assessment shows succinctly and clearly what needs to be clarified to organize the business/project activities and processes so that Web Application Security outcomes are achieved.

    Contains extensive criteria grounded in past and current successful projects and activities by experienced Web Application Security practitioners. Their mastery, combined with the uncommon elegance of the self-assessment, provides its superior value to you in knowing how to ensure the outcome of any efforts in Web Application Security are maximized with professional results.

    Your purchase includes access to the $249 value Web Application Security self-assessment dashboard download which gives you your dynamically prioritized projects-ready tool and shows your organization exactly what to do next. Your exclusive instant access details can be found in your book.

    Web Application Firewalls: Applied Web application security


    Revision with unchanged content. Web applications are not protected by today’s network-level firewalls, because they allow access to TCP port 80 without restrictions. However, many successful attacks today are not on the network level but on the application level. To protect against application-level attacks, a firewall must understand the application protocols that are used on its open ports. This happens in application-level firewalls and, for Web applications, in Web application firewalls. The underlying concepts of Web application firewalls differ greatly from those of traditional network-level firewalls. This book explains the underlying concepts of Web application firewalls. They are then applied to a collection of security requirements that application developers should respect today when developing a secure Web application. A Web application firewall is capable of automatically implementing many of these requirements. As a result, Web application developers can ignore these requirements, because the Web application firewall already ensures their implementation and therefore the security of the Web application. This book is intended for anyone interested in securing a Web application.


    ASP.NET Web API Security Essentials


    Take the security of your ASP.NET Web API to the next level using some of the most amazing security techniques around

    About This Book

    • This book has been completely updated for ASP.NET Web API 2.0 including the new features of ASP.NET Web API such as Cross-Origin Resource Sharing (CORS) and OWIN self-hosting
    • Learn various techniques to secure ASP.NET Web API, including basic authentication using authentication filters, forms, Windows Authentication, external authentication services, and integrating ASP.NET’s Identity system
    • An easy-to-follow guide to enable SSL, prevent Cross-Site Request Forgery (CSRF) attacks, and enable CORS in ASP.NET Web API

    Who This Book Is For

    This book is intended for anyone who has previous knowledge of developing ASP.NET Web API applications. Good working knowledge of and experience with C# and the .NET Framework are prerequisites for this book.

    What You Will Learn

    • Secure your web API by enabling Secure Sockets Layer (SSL)
    • Manage your application’s user accounts by integrating ASP.NET’s Identity system
    • Ensure the security of your web API by implementing basic authentication
    • Implement forms and Windows authentication to secure your web API
    • Use external authentication such as Facebook and Twitter to authenticate a request to a web API
    • Protect your web API from CSRF attacks
    • Enable CORS in your web API to explicitly allow some cross-origin requests while rejecting others
    • Fortify your web API using OAuth2

    In Detail

    This book incorporates the new features of ASP.NET Web API 2 that will help you to secure an ASP.NET Web API and make a well-informed decision when choosing the right security mechanism for your security requirements.

    We start by showing you how to set up a browser client to utilize ASP.NET Web API services. We then cover ASP.NET Web API’s security architecture, authentication, and authorization to help you secure a web API from unauthorized users. Next, you will learn how to use SSL with ASP.NET Web API, including using SSL client certificates, and integrate the ASP.NET Identity system with ASP.NET Web API.

    We’ll show you how to secure a web API using OAuth2 to authenticate against a membership database using OWIN middleware. You will be able to use local logins to send authenticated requests using OAuth2. We also explain how to secure a web API using forms authentication and how users can log in with their Windows credentials using integrated Windows authentication. You will come to understand the need for external authentication services to enable OAuth/OpenID and social media authentication. We’ll then help you implement anti-Cross-Site Request Forgery (CSRF) measures in ASP.NET Web API.

    Finally, you will discover how to enable Cross-Origin Resource Sharing (CORS) in your web API application.

    Style and approach

    Each chapter is dedicated to a specific security technique, presented in a task-based and easy-to-follow way. Most of the chapters are accompanied by source code that demonstrates the step-by-step implementation of the technique, along with an explanation of how each technique works.


    Web Application Security Is A Stack: How To CYA (Cover Your Apps) Completely (Fundamentals)


    The web application stack – a growing threat vector

    Understand the threat and learn how to defend your organisation

    This book is intended for application developers, system administrators and operators, as well as networking professionals who need a comprehensive top level view of web application security in order to better defend and protect both the “web” and the “application” against potential attacks. This book examines the most common, fundamental attack vectors and shows readers the defence techniques used to combat them.

    Contents

    1. Introduction
    2. Attack Surface
    3. Threat Vectors
    4. Threat Mitigation
    5. Conclusion

    About the author

    Lori Mac Vittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, Lori was an award-winning technology editor at Network Computing Magazine. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She is Technical Editor and a member of the steering committee for CloudNOW, a non-profit consortium of the leading women in cloud computing.

    Secure your apps for better cyber security – buy this book today!


    Attack and Defend Computer Security Set


    Defend your networks and data from attack with this unique two-book security set

    The Attack and Defend Computer Security Set is a two-book set comprising the bestselling second edition of The Web Application Hacker’s Handbook and Malware Analyst’s Cookbook. This special security bundle combines coverage of the two most crucial tactics used to defend networks, applications, and data from attack while giving security professionals insight into the underlying details of these attacks themselves.

    The Web Application Hacker’s Handbook takes a broad look at web application security and exposes the steps a hacker can take to attack an application, while providing information on how the application can defend itself. Fully updated for the latest security trends and threats, this guide covers remoting frameworks, HTML5, and cross-domain integration techniques along with clickjacking, framebusting, HTTP parameter pollution, XML external entity injection, hybrid file attacks, and more.

    The Malware Analyst’s Cookbook includes a book and DVD and is designed to enhance the analytical capabilities of anyone who works with malware. Whether you’re tracking a Trojan across networks, performing an in-depth binary analysis, or inspecting a machine for potential infections, the recipes in this book will help you go beyond the basic tools for tackling security challenges to cover how to extend your favorite tools or build your own from scratch using C, Python, and Perl source code. The companion DVD features all the files needed to work through the recipes in the book and to complete reverse-engineering challenges along the way.

    The Attack and Defend Computer Security Set gives your organization the security tools needed to sound the alarm and stand your ground against malicious threats lurking online.
