This book is much more than a wake-up call. It is also an eye-opener.
Even for those who are already awake to the problems of Web server
security, it is a serious guide for what to do and what not to do,
with many well-chosen examples. The set of fundamental rules is highly
relevant.
Peter G. Neumann, Author of Computer-Related Risks, and moderator of
the Internet Risks Forum (risks.org).
This concise and practical book will show where code vulnerabilities
lie and how best to fix them. Its value is in showing where code may
be exploited to gain access to - or break - systems, but without
delving into specific architectures, programming or scripting
languages or applications. It provides illustrations with real code.
Innocent Code is an entertaining read showing how to change your
mindset from website construction to website destruction so as to
avoid writing dangerous code. Abundant examples from susceptible sites
will bring the material alive and help you to guard against:
-- SQL Injection, shell command injection and other attacks based
on mishandling meta-characters
-- bad input
-- cross-site scripting
-- attackers who trick users into performing actions
-- leakage of server-side secrets
-- hidden enemies such as project deadlines, salesmen, messy code
and tight budgets
All web programmers need to take precautions against producing
websites vulnerable to malicious attack. This is the book which tells
you how without trying to turn you into a security specialist.