Alice and Bob learn application security.


Bibliographic Details
Classification: Electronic book
Main author: Janca, Tanya
Format: Electronic eBook
Language: English
Published: Indianapolis, Indiana : John Wiley & Sons, Inc., [2021]
Subjects:
Online access: Full text (requires prior registration with an institutional email address)

MARC

LEADER 00000cam a2200000 i 4500
001 OR_on1200197983
003 OCoLC
005 20231017213018.0
006 m o d
007 cr |n|||||||||
008 201014s2021 inu o 000 0 eng d
040 |a YDX  |b eng  |e pn  |c YDX  |d N$T  |d EBLCP  |d RECBK  |d OCLCF  |d UKAHL  |d YDXIT  |d CNNOR  |d TEFOD  |d OCLCO  |d OCLCQ  |d OCLCO  |d IEEEE  |d OCLCQ  |d OCLCO 
019 |a 1229061214 
020 |a 9781119687399  |q (electronic book) 
020 |a 111968739X  |q (electronic book) 
020 |a 9781119687405  |q (electronic bk.) 
020 |a 1119687403  |q (electronic bk.) 
020 |a 9781394176830  |q (electronic bk.) 
020 |a 139417683X  |q (electronic bk.) 
020 |z 1119687357 
020 |z 9781119687351 
024 7 |a 10.1002/9781394176830  |2 doi 
029 1 |a AU@  |b 000071521595 
035 |a (OCoLC)1200197983  |z (OCoLC)1229061214 
037 |a 6370632  |b Proquest Ebook Central 
037 |a B8179B2D-C50C-4677-AA8D-A5D25C188096  |b OverDrive, Inc.  |n http://www.overdrive.com 
037 |a 9932139  |b IEEE 
050 4 |a QA76.76.A65  |b J36 2021 
082 0 4 |a 005.3  |2 23 
049 |a UAMI 
100 1 |a Janca, Tanya. 
245 1 0 |a Alice and Bob learn application security. 
264 1 |a Indianapolis, Indiana :  |b John Wiley & Sons, Inc.,  |c [2021] 
300 |a 1 online resource 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
505 0 |a Cover -- Title Page -- Copyright Page -- About the Author -- About the Technical Editors -- Acknowledgments -- Contents at a Glance -- Contents -- Introduction -- Pushing Left -- About This Book -- Out-of-Scope Topics -- The Answer Key -- Part 1 What You Must Know to Write Code Safe Enough to Put on the Internet -- Chapter 1 Security Fundamentals -- The Security Mandate: CIA -- Confidentiality -- Integrity -- Availability -- Assume Breach -- Insider Threats -- Defense in Depth -- Least Privilege -- Supply Chain Security -- Security by Obscurity -- Attack Surface Reduction -- Hard Coding 
505 8 |a Never Trust, Always Verify -- Usable Security -- Factors of Authentication -- Exercises -- Chapter 2 Security Requirements -- Requirements -- Encryption -- Never Trust System Input -- Encoding and Escaping -- Third-Party Components -- Security Headers: Seatbelts for Web Apps -- Security Headers in Action -- X-XSS-Protection -- Content-Security-Policy (CSP) -- X-Frame-Options -- X-Content-Type-Options -- Referrer-Policy -- Strict-Transport-Security (HSTS) -- Feature-Policy -- X-Permitted-Cross-Domain-Policies -- Expect-CT -- Public Key Pinning Extension for HTTP (HPKP) -- Securing Your Cookies 
505 8 |a The Secure Flag -- The HttpOnly Flag -- Persistence -- Domain -- Path -- Same-Site -- Cookie Prefixes -- Data Privacy -- Data Classification -- Passwords, Storage, and Other Important Decisions -- HTTPS Everywhere -- TLS Settings -- Comments -- Backup and Rollback -- Framework Security Features -- Technical Debt = Security Debt -- File Uploads -- Errors and Logging -- Input Validation and Sanitization -- Authorization and Authentication -- Parameterized Queries -- URL Parameters -- Least Privilege -- Requirements Checklist -- Exercises -- Chapter 3 Secure Design -- Design Flaw vs. Security Bug 
505 8 |a Discovering a Flaw Late -- Pushing Left -- Secure Design Concepts -- Protecting Sensitive Data -- Never Trust, Always Verify/Zero Trust/Assume Breach -- Backup and Rollback -- Server-Side Security Validation -- Framework Security Features -- Security Function Isolation -- Application Partitioning -- Secret Management -- Re-authentication for Transactions (Avoiding CSRF) -- Segregation of Production Data -- Protection of Source Code -- Threat Modeling -- Exercises -- Chapter 4 Secure Code -- Selecting Your Framework and Programming Language -- Example #1 -- Example #2 -- Example #3 
505 8 |a Programming Languages and Frameworks: The Rule -- Untrusted Data -- HTTP Verbs -- Identity -- Session Management -- Bounds Checking -- Authentication (AuthN) -- Authorization (AuthZ) -- Error Handling, Logging, and Monitoring -- Backups and Rollbacks -- Rules for Errors -- Logging -- Monitoring -- Exercises -- Chapter 5 Common Pitfalls -- OWASP -- Defenses and Vulnerabilities Not Previously Covered -- Cross-Site Request Forgery -- Server-Side Request Forgery -- Deserialization -- Race Conditions -- Closing Comments -- Exercises -- Part 2 What You Should Do to Create Very Good Code 
520 |a Learn application security from the very start, with this comprehensive and approachable guide! Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects. Topics include: Secure requirements, design, coding, and deployment Security Testing (all forms) Common Pitfalls Application Security Programs Securing Modern Applications Software Developer Security Hygiene Alice and Bob Learn Application Security is perfect for aspiring application security engineers and practicing software developers, as well as software project managers, penetration testers, and chief information security officers who seek to build or improve their application security programs. Alice and Bob Learn Application Security illustrates all the included concepts with easy-to-understand examples and concrete practical applications, furthering the reader's ability to grasp and retain the foundational and advanced topics contained within. 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
650 0 |a Application software  |x Development. 
650 0 |a Computer security. 
650 6 |a Logiciels d'application  |x Développement. 
650 6 |a Sécurité informatique. 
650 7 |a COMPUTERS  |x Security  |x Cryptography & Encryption.  |2 bisacsh 
650 7 |a Application software  |x Development  |2 fast 
650 7 |a Computer security  |2 fast 
776 0 8 |i Print version:  |z 1119687357  |z 9781119687351  |w (OCoLC)1146264846 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781119687351/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
938 |a Askews and Holts Library Services  |b ASKH  |n AH37733912 
938 |a ProQuest Ebook Central  |b EBLB  |n EBL6370632 
938 |a EBSCOhost  |b EBSC  |n 2649524 
938 |a Recorded Books, LLC  |b RECE  |n rbeEB00838120 
938 |a YBP Library Services  |b YANK  |n 301624751 
994 |a 92  |b IZTAP