Coverart for item
The Resource Security for web developers, John Paul Mueller

Security for web developers, John Paul Mueller

Label
Security for web developers
Title
Security for web developers
Statement of responsibility
John Paul Mueller
Title variation
Using Javascript, HTML and CSS
Creator
Author
Subject
Language
eng
Summary
"As a web developer, you may not want to spend time making your web app secure, but it definitely comes with the territory. This practical guide provides you with the latest information on how to thwart security threats at several levels, including new areas such as microservices." -- page [4] of cover
Cataloging source
BTCTA
http://library.link/vocab/creatorDate
1958-
http://library.link/vocab/creatorName
Mueller, John
Illustrations
illustrations
Index
index present
LC call number
TK5105.59
LC item number
.M83 2016
Literary form
non fiction
http://library.link/vocab/subjectName
  • Computer security
  • Web sites
  • Application software
Label
Security for web developers, John Paul Mueller
Instantiates
Publication
Note
Includes index
Carrier category
volume
Carrier category code
  • nc
Carrier MARC source
rdacarrier
Content category
text
Content type code
  • txt
Content type MARC source
rdacontent
Contents
Machine generated contents note: 1.Defining the Application Environment -- Specifying Web Application Threats -- Understanding Software Security Assurance (SSA) -- Considering the OSSAP -- Defining SSA Requirements -- Categorizing Data and Resources -- Performing the Required Analysis -- Delving into Language-Specific Issues -- Defining the Key HTML Issues -- Defining the Key CSS Issues -- Defining the Key JavaScript Issues -- Considering Endpoint Defense Essentials -- Preventing Security Breaches -- Detecting Security Breaches -- Remediating Broken Software -- Dealing with Cloud Storage -- Using External Code and Resources -- Defining the Use of Libraries -- Defining the Use of APIs -- Defining the Use of Microservices -- Accessing External Data -- Allowing Access by Others -- 2.Embracing User Needs and Expectations -- Developing a User View of the Application -- Considering Bring Your Own Device (BYOD) Issues -- Understanding Web-Based Application Security -- Considering Native App Issues -- Using Custom Browsers -- Verifying Code Compatibility Issues -- Handling Nearly Continuous Device Updates -- Devising Password Alternatives -- Working with Passphrases -- Using Biometric Solutions -- Relying on Key Cards -- Relying on USB Keys -- Implementing a Token Strategy -- Focusing on User Expectations -- Making the Application Easy to Use -- Making the Application Fast -- Creating a Reliable Environment -- Keeping Security in Perspective -- 3.Getting Third-Party Assistance -- Discovering Third-Party Security Solutions -- Considering Cloud Security Solutions -- Understanding Data Repositories -- Dealing with File Sharing Issues -- Considering Cloud Storage -- Choosing Between Product Types -- Working with Libraries -- Accessing APIs -- Considering Microservices -- 4.Developing Successful Interfaces -- Assessing the User Interface -- Creating a Clear Interface -- Making Interfaces Flexible -- Providing User Aids -- Defining the Accessibility Issues -- Providing Controlled Choices -- Choosing a User Interface Solution Level -- Implementing Standard HTML Controls -- Working with CSS Controls -- Creating Controls Using JavaScript -- Validating the Input -- Allowing Specific Input Only -- Looking for Sneaky Inputs -- Requesting New Input -- Using Both Client-Side and Server-Side Validation -- Expecting the Unexpected -- 5.Building Reliable Code -- Differentiating Reliability and Security -- Defining the Roles of Reliability and Security -- Avoiding Security Holes in Reliable Code -- Focusing on Application Functionality -- Developing Team Protocols -- Creating a Lessons Learned Feedback Loop -- Considering Issues of Packaged Solutions -- Dealing with External Libraries -- Dealing with External APIs -- Working with Frameworks -- Calling into Microservices -- 6.Incorporating Libraries -- Considering Library Uses -- Enhancing CSS with Libraries -- Interacting with HTML Using Libraries -- Extending JavaScript with Libraries -- Differentiating Between Internally Stored and Externally Stored Libraries -- Defining the Security Threats Posed by Libraries -- Enabling Strict Mode -- Developing a Content Security Policy (CSP) -- Incorporating Libraries Safely -- Researching the Library Fully -- Defining the Precise Library Uses -- Keeping Library Size Small and Content Focused -- Performing the Required Testing -- Differentiating Between Libraries and Frameworks -- 7.Using APIs with Care -- Differentiating Between APIs and Libraries -- Considering the Differences in Popularity -- Defining the Differences in Usage -- Extending JavaScript Using APIs -- Locating Appropriate APIs -- Creating a Simple Example -- Defining the Security Threats Posed by APIs -- Ruining Your Good Name with MailPoet -- Developing a Picture of the Snappening -- Losing Your Device with Find My iPhone -- Leaking Your Most Important Information with Heartbleed -- Suffering from Shellshock -- Accessing APIs Safely from JavaScript -- Verifying API Security -- Testing Inputs and Outputs -- Keeping Data Localized and Secure -- Coding Defensively -- 8.Considering the Use of Microservices -- Defining Microservices -- Specifying Microservice Characteristics -- Differentiating Microservices and Libraries -- Differentiating Microservices and APIs -- Considering Microservice Politics -- Making Microservice Calls Using JavaScript -- Understanding the Role of REST in Communication -- Transmitting Data Using JSON -- Creating a Microservice Using Node.js and Seneca -- Defining the Security Threats Posed by Microservices -- Lack of Consistency -- Considering the Role of the Virtual Machine -- Using JSON for Data Transfers -- Defining Transport Layer Security -- Creating Alternate Microservice Paths -- 9.Thinking Like a Hacker -- Defining a Need for Web Security Scans -- Building a Testing System -- Considering the Test System Uses -- Getting the Required Training -- Creating the Right Environment -- Using Virtual Machines -- Getting the Tools -- Configuring the System -- Restoring the System -- Defining the Most Common Breach Sources -- Avoiding SQL Injection Attacks -- Understanding Cross-Site Scripting -- Tackling Denial-of-Service Issues -- Nipping Predictable Resource Location -- Overcoming Unintentional Information Disclosure -- Testing in a BYOD Environment -- Configuring a Remote Access Zone -- Checking for Cross-Application Hacks -- Dealing with Really Ancient Equipment and Software -- Relying on User Testing -- Letting the User Run Amok -- Developing Reproducible Steps -- Giving the User a Voice -- Using Outside Security Testers -- Considering the Penetration Testing Company -- Managing the Project -- Covering the Essentials -- Getting the Report -- 10.Creating an API Safety Zone -- Understanding the Concept of an API Safety Zone -- Defining the Need for an API Safety Zone -- Ensuring Your API Works -- Enabling Rapid Development -- Certifying the Best Possible Integration -- Verifying the API Behaves Under Load -- Keeping the API Safe from Hackers -- Developing with an API Sandbox -- Using an Off-the-Shelf Solution -- Using Other Vendors' Sandboxes -- Considering Virtual Environments -- Defining the Virtual Environment -- Differentiating Virtual Environments and Sandboxing -- Implementing Virtualization -- Relying on Application Virtualization -- 11.Checking Libraries and APIs for Holes -- Creating a Testing Plan -- Considering Goals and Objectives -- Testing Internal Libraries -- Testing Internal APIs -- Testing External Libraries -- Testing External APIs -- Extending Testing to Microservices -- Testing Libraries and APIs Individually -- Creating a Test Harness for Libraries -- Creating Testing Scripts for APIs -- Extending Testing Strategies to Microservices -- Developing Response Strategies -- Performing Integration Testing -- Testing for Language-Specific Issues -- Devising Tests for HTML Issues -- Devising Tests for CSS Issues -- Devising Tests for JavaScript Issues -- 12.Using Third-Party Testing -- Locating Third-Party Testing Services -- Defining the Reasons for Hiring the Third Party -- Considering the Range of Possible Testing Services -- Ensuring the Third Party Is Legitimate -- Interviewing the Third Party -- Performing Tests on a Test Setup -- Creating a Testing Plan -- Specifying the Third-Party Goals in Testing -- Generating a Written Test Plan -- Enumerating the Test Output and Reporting Requirements -- Considering Test Requirements -- Implementing a Testing Plan -- Determining Organizational Participation in Testing -- Beginning the Testing Process -- Performing Required Test Monitoring -- Handling Unexpected Testing Issues -- Using the Resulting Reports -- Discussing the Report Output with the Third Party -- Presenting the Report to the Organization -- Acting on Testing Recommendations -- 13.Clearly Defining Upgrade Cycles -- Developing a Detailed Upgrade Cycle Plan -- Looking for Upgrades -- Determining Upgrade Requirements -- Defining Upgrade Criticality -- Checking Upgrades for Issues -- Creating Test Scenarios -- Implementing the Changes -- Creating an Upgrade Testing Schedule -- Performing the Required Pre-Testing -- Performing the Required Integration Testing -- Moving an Upgrade to Production -- 14.Considering Update Options -- Differentiating Between Upgrades and Updates -- Determining When to Update -- Working Through Library Updates -- Working Through API and Microservice Updates -- Accepting Automatic Updates -- Updating Language Suites -- Creating a Supported Language List -- Obtaining Reliable Language Specialists -- Verifying the Language-Specific Prompts Work with the Application -- Ensuring Data Appears in the Correct Format -- Defining the Special Requirements for Language Support Testing -- Performing Emergency Updates -- Avoiding Emergencies When Possible -- Creating a Fast Response Team -- Performing Simplified Testing -- Creating a Permanent Update Schedule -- Creating an Update Testing Schedule -- 15.Considering the Need for Reports -- Using Reports to Make Changes -- Avoiding Useless Reports -- Timing Reports to Upgrades and Updates -- Using Automatically Generated Reports -- Using Custom Reports -- Creating Consistent Reports -- Using Reports to Perform Specific Application Tasks -- Creating Internal Reports -- Determining Which Data Sources to Use -- Specifying Report Uses -- Relying on Externally Generated Reports -- Obtaining Completed Reports from Third Parties -- Developing Reports from Raw Data -- Keeping Internal Data Secure -- Providing for User Feedback -- Obtaining User Feedback -- Determining the Usability of User Feedback -- 16.Tracking Current Security Threats -- Developing Sources for Security Threat Information -- Reading Security-Related Articles by Experts -- Checking Security Sites -- Getting Input from Consultants -- Avoiding Information Overload -- Creating a Plan for Upgrades Based on Threats -- Anticipating Situations that Require No Action at All -- Deciding Between an Upgrade or an Update --
Control code
908375600
Dimensions
24 cm
Edition
First edition 2015.
Extent
xxi, 356 pages
Isbn
9781491928646
Media category
unmediated
Media MARC source
rdamedia
Media type code
  • n
Other physical details
illustrations
System control number
(OCoLC)908375600
Label
Security for web developers, John Paul Mueller
Publication
Note
Includes index
Carrier category
volume
Carrier category code
  • nc
Carrier MARC source
rdacarrier
Content category
text
Content type code
  • txt
Content type MARC source
rdacontent
Contents
Machine generated contents note: 1.Defining the Application Environment -- Specifying Web Application Threats -- Understanding Software Security Assurance (SSA) -- Considering the OSSAP -- Defining SSA Requirements -- Categorizing Data and Resources -- Performing the Required Analysis -- Delving into Language-Specific Issues -- Defining the Key HTML Issues -- Defining the Key CSS Issues -- Defining the Key JavaScript Issues -- Considering Endpoint Defense Essentials -- Preventing Security Breaches -- Detecting Security Breaches -- Remediating Broken Software -- Dealing with Cloud Storage -- Using External Code and Resources -- Defining the Use of Libraries -- Defining the Use of APIs -- Defining the Use of Microservices -- Accessing External Data -- Allowing Access by Others -- 2.Embracing User Needs and Expectations -- Developing a User View of the Application -- Considering Bring Your Own Device (BYOD) Issues -- Understanding Web-Based Application Security -- Considering Native App Issues -- Using Custom Browsers -- Verifying Code Compatibility Issues -- Handling Nearly Continuous Device Updates -- Devising Password Alternatives -- Working with Passphrases -- Using Biometric Solutions -- Relying on Key Cards -- Relying on USB Keys -- Implementing a Token Strategy -- Focusing on User Expectations -- Making the Application Easy to Use -- Making the Application Fast -- Creating a Reliable Environment -- Keeping Security in Perspective -- 3.Getting Third-Party Assistance -- Discovering Third-Party Security Solutions -- Considering Cloud Security Solutions -- Understanding Data Repositories -- Dealing with File Sharing Issues -- Considering Cloud Storage -- Choosing Between Product Types -- Working with Libraries -- Accessing APIs -- Considering Microservices -- 4.Developing Successful Interfaces -- Assessing the User Interface -- Creating a Clear Interface -- Making Interfaces Flexible -- Providing User Aids -- Defining the Accessibility Issues -- Providing Controlled Choices -- Choosing a User Interface Solution Level -- Implementing Standard HTML Controls -- Working with CSS Controls -- Creating Controls Using JavaScript -- Validating the Input -- Allowing Specific Input Only -- Looking for Sneaky Inputs -- Requesting New Input -- Using Both Client-Side and Server-Side Validation -- Expecting the Unexpected -- 5.Building Reliable Code -- Differentiating Reliability and Security -- Defining the Roles of Reliability and Security -- Avoiding Security Holes in Reliable Code -- Focusing on Application Functionality -- Developing Team Protocols -- Creating a Lessons Learned Feedback Loop -- Considering Issues of Packaged Solutions -- Dealing with External Libraries -- Dealing with External APIs -- Working with Frameworks -- Calling into Microservices -- 6.Incorporating Libraries -- Considering Library Uses -- Enhancing CSS with Libraries -- Interacting with HTML Using Libraries -- Extending JavaScript with Libraries -- Differentiating Between Internally Stored and Externally Stored Libraries -- Defining the Security Threats Posed by Libraries -- Enabling Strict Mode -- Developing a Content Security Policy (CSP) -- Incorporating Libraries Safely -- Researching the Library Fully -- Defining the Precise Library Uses -- Keeping Library Size Small and Content Focused -- Performing the Required Testing -- Differentiating Between Libraries and Frameworks -- 7.Using APIs with Care -- Differentiating Between APIs and Libraries -- Considering the Differences in Popularity -- Defining the Differences in Usage -- Extending JavaScript Using APIs -- Locating Appropriate APIs -- Creating a Simple Example -- Defining the Security Threats Posed by APIs -- Ruining Your Good Name with MailPoet -- Developing a Picture of the Snappening -- Losing Your Device with Find My iPhone -- Leaking Your Most Important Information with Heartbleed -- Suffering from Shellshock -- Accessing APIs Safely from JavaScript -- Verifying API Security -- Testing Inputs and Outputs -- Keeping Data Localized and Secure -- Coding Defensively -- 8.Considering the Use of Microservices -- Defining Microservices -- Specifying Microservice Characteristics -- Differentiating Microservices and Libraries -- Differentiating Microservices and APIs -- Considering Microservice Politics -- Making Microservice Calls Using JavaScript -- Understanding the Role of REST in Communication -- Transmitting Data Using JSON -- Creating a Microservice Using Node.js and Seneca -- Defining the Security Threats Posed by Microservices -- Lack of Consistency -- Considering the Role of the Virtual Machine -- Using JSON for Data Transfers -- Defining Transport Layer Security -- Creating Alternate Microservice Paths -- 9.Thinking Like a Hacker -- Defining a Need for Web Security Scans -- Building a Testing System -- Considering the Test System Uses -- Getting the Required Training -- Creating the Right Environment -- Using Virtual Machines -- Getting the Tools -- Configuring the System -- Restoring the System -- Defining the Most Common Breach Sources -- Avoiding SQL Injection Attacks -- Understanding Cross-Site Scripting -- Tackling Denial-of-Service Issues -- Nipping Predictable Resource Location -- Overcoming Unintentional Information Disclosure -- Testing in a BYOD Environment -- Configuring a Remote Access Zone -- Checking for Cross-Application Hacks -- Dealing with Really Ancient Equipment and Software -- Relying on User Testing -- Letting the User Run Amok -- Developing Reproducible Steps -- Giving the User a Voice -- Using Outside Security Testers -- Considering the Penetration Testing Company -- Managing the Project -- Covering the Essentials -- Getting the Report -- 10.Creating an API Safety Zone -- Understanding the Concept of an API Safety Zone -- Defining the Need for an API Safety Zone -- Ensuring Your API Works -- Enabling Rapid Development -- Certifying the Best Possible Integration -- Verifying the API Behaves Under Load -- Keeping the API Safe from Hackers -- Developing with an API Sandbox -- Using an Off-the-Shelf Solution -- Using Other Vendors' Sandboxes -- Considering Virtual Environments -- Defining the Virtual Environment -- Differentiating Virtual Environments and Sandboxing -- Implementing Virtualization -- Relying on Application Virtualization -- 11.Checking Libraries and APIs for Holes -- Creating a Testing Plan -- Considering Goals and Objectives -- Testing Internal Libraries -- Testing Internal APIs -- Testing External Libraries -- Testing External APIs -- Extending Testing to Microservices -- Testing Libraries and APIs Individually -- Creating a Test Harness for Libraries -- Creating Testing Scripts for APIs -- Extending Testing Strategies to Microservices -- Developing Response Strategies -- Performing Integration Testing -- Testing for Language-Specific Issues -- Devising Tests for HTML Issues -- Devising Tests for CSS Issues -- Devising Tests for JavaScript Issues -- 12.Using Third-Party Testing -- Locating Third-Party Testing Services -- Defining the Reasons for Hiring the Third Party -- Considering the Range of Possible Testing Services -- Ensuring the Third Party Is Legitimate -- Interviewing the Third Party -- Performing Tests on a Test Setup -- Creating a Testing Plan -- Specifying the Third-Party Goals in Testing -- Generating a Written Test Plan -- Enumerating the Test Output and Reporting Requirements -- Considering Test Requirements -- Implementing a Testing Plan -- Determining Organizational Participation in Testing -- Beginning the Testing Process -- Performing Required Test Monitoring -- Handling Unexpected Testing Issues -- Using the Resulting Reports -- Discussing the Report Output with the Third Party -- Presenting the Report to the Organization -- Acting on Testing Recommendations -- 13.Clearly Defining Upgrade Cycles -- Developing a Detailed Upgrade Cycle Plan -- Looking for Upgrades -- Determining Upgrade Requirements -- Defining Upgrade Criticality -- Checking Upgrades for Issues -- Creating Test Scenarios -- Implementing the Changes -- Creating an Upgrade Testing Schedule -- Performing the Required Pre-Testing -- Performing the Required Integration Testing -- Moving an Upgrade to Production -- 14.Considering Update Options -- Differentiating Between Upgrades and Updates -- Determining When to Update -- Working Through Library Updates -- Working Through API and Microservice Updates -- Accepting Automatic Updates -- Updating Language Suites -- Creating a Supported Language List -- Obtaining Reliable Language Specialists -- Verifying the Language-Specific Prompts Work with the Application -- Ensuring Data Appears in the Correct Format -- Defining the Special Requirements for Language Support Testing -- Performing Emergency Updates -- Avoiding Emergencies When Possible -- Creating a Fast Response Team -- Performing Simplified Testing -- Creating a Permanent Update Schedule -- Creating an Update Testing Schedule -- 15.Considering the Need for Reports -- Using Reports to Make Changes -- Avoiding Useless Reports -- Timing Reports to Upgrades and Updates -- Using Automatically Generated Reports -- Using Custom Reports -- Creating Consistent Reports -- Using Reports to Perform Specific Application Tasks -- Creating Internal Reports -- Determining Which Data Sources to Use -- Specifying Report Uses -- Relying on Externally Generated Reports -- Obtaining Completed Reports from Third Parties -- Developing Reports from Raw Data -- Keeping Internal Data Secure -- Providing for User Feedback -- Obtaining User Feedback -- Determining the Usability of User Feedback -- 16.Tracking Current Security Threats -- Developing Sources for Security Threat Information -- Reading Security-Related Articles by Experts -- Checking Security Sites -- Getting Input from Consultants -- Avoiding Information Overload -- Creating a Plan for Upgrades Based on Threats -- Anticipating Situations that Require No Action at All -- Deciding Between an Upgrade or an Update --
Control code
908375600
Dimensions
24 cm
Edition
First edition 2015.
Extent
xxi, 356 pages
Isbn
9781491928646
Media category
unmediated
Media MARC source
rdamedia
Media type code
  • n
Other physical details
illustrations
System control number
(OCoLC)908375600

Library Locations

    • Thomas Jefferson LibraryBorrow it
      1 University Blvd, St. Louis, MO, 63121, US
      38.710138 -90.311107
Processing Feedback ...