Secure Programming of Web Applications Web Application Security for Software Developers and Project Managers

Understand application security: We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of “Web Application Security” of custom-made / self-developed applications – no matter if these are used only internally or with public access. This book DOES NOT cover related topics like secure (network) infrastructures, operating system security, patch management, firewall architectures etc. but instead focuses only at the application level – the central field of activity of a software developer. Web applications are a generic expression for Internet applications Intranet applications Cloud services Web portals Web services Web APIs Table of Contents: The most common / typical attacks against web applications are: [01] Code/Command Injection in general[02] (No)SQL Code Injection[03] Cross-Site Request Forgery (CSRF)[04] Cross-Site Scripting (XSS)[05] Open Redirection[06] Remote File Inclusion (RFI) and Local File Inclusion (LFI)[07] Clickjacking[08] Session-Hijacking[09] Information Disclosure[10] Attacks on Weaknesses of the Authentification[11] Denial of Service[12] Middleware[13] Third-Party Software