Web Application Security Guide
This guide attempts to provide a comprehensive overview of web application security. Common web application security issues and methods how to prevent them are explained. Web server and operating system security are not covered. The guide is intended mainly for web application developers, but can also provide useful information for web application reviewers.
The checklist gives a short summary containing only the individual guidelines. It is recommended to take the time and read the full version, where the guidelines are explained in detail, especially if any questions arise.
Most web application developers probably (hopefully) already know some or even most of the points mentioned in this guide. However, there will probably be something new for every developer. Remember, as a developer it is your responsibility to develop your application securely, and a single mistake may be enough to allow an attack.
Contents
Category:Books with print version#Web%20Application%20Security%20Guide
- Checklist
- Topics
- Miscellaneous points
- File inclusion and disclosure
- File upload vulnerabilities
- SQL injection
- Cross-site scripting (XSS)
- XML and internal data escaping
- XML, JSON and general API security
- (Un)trusted input
- Cross-site request forgery (CSRF)
- Clickjacking
- Insecure data transfer
- Session fixation
- Session stealing
- Truncation attacks, trimming attacks
- Password security
- Comparison issues
- PHP-specific issues
- Prefetching and Spiders
- Special files
- SSL, TLS and HTTPS basics
- Further reading
- Authors
The print version provides the entire book on a single page.
Category:Book:Web Application Security Guide#%20 Category:Completed booksCategory:Books by completion status/all books Category:Alphabetical/W Category:Book:Web Application Security Guide#%20 Category:Subject:Information security#Web%20Application%20Security%20Guide Category:Subject:Information security/all books Category:Subject:Information technology/all books Category:Subject:Computing/all books Category:Subject:Books by subject/all books Category:Subject:Web development#Web%20Application%20Security%20Guide Category:Subject:Web development/all books Category:Subject:Internet/all books Category:Subject:Computing/all books Category:Subject:Books by subject/all books Category:Subject:Computer programming/all books Category:Subject:Computer science/all books Category:Subject:Computing/all books Category:Subject:Books by subject/all books Category:Subject:Computing/all books Category:Subject:Books by subject/all books Category:Subject:Computer programming#Web%20Application%20Security%20Guide Category:Subject:Computer programming/all books Category:Subject:Computer science/all books Category:Subject:Computing/all books Category:Subject:Books by subject/all books Category:Subject:Computing/all books Category:Subject:Books by subject/all books Category:Book:Web Application Security Guide#%20 Category:Book:Wikibooks Stacks/Books#Web%20Application%20Security%20GuideCategory:Shelf:Information security Category:Shelf:Information security/all books Category:Department:Computing/all books#Computing Category:Shelf:Information technology/all books#Information%20technologyCategory:Shelf:Web development Category:Shelf:Web development/all books Category:Shelf:Computer programming/all books#Computer%20programming Category:Shelf:Computer science/all books#Computer%20science Category:Department:Computing/all books#Computing Category:Shelf:Internet/all books#InternetCategory:Shelf:Computer programming Category:Shelf:Computer programming/all books Category:Shelf:Computer science/all books#Computer%20science Category:Department:Computing/all books#Computing