CONTENTS IN DETAIL
A Brief History of the Internet
A New Challenger Enters the Arena
Software Exploits and the Dark Web
The Rendering Pipeline: An Overview
Before and After Rendering: Everything Else the Browser Does
Distributed vs. Centralized Version Control
Coverage and Continuous Integration
Options for Standardized Deployment During Releases
Phase 5: Post-Release Testing and Observation
Monitoring, Logging, and Error Reporting
Anatomy of a SQL Injection Attack
Mitigation 1: Use Parameterized Statements
Mitigation 2: Use Object-Relational Mapping
Bonus Mitigation: Use Defense in Depth
Anatomy of a Command Injection Attack
Mitigation: Escape Control Characters
Anatomy of a Remote Code Execution Attack
Mitigation: Disable Code Execution During Deserialization
Anatomy of a File Upload Attack
Stored Cross-Site Scripting Attacks
Mitigation 1: Escape HTML Characters
Mitigation 2: Implement a Content Security Policy
Reflected Cross-Site Scripting Attacks
Mitigation: Escape Dynamic Content from HTTP Requests
DOM-Based Cross-Site Scripting Attacks
Mitigation: Escaping Dynamic Content from URI Fragments
8
CROSS-SITE REQUEST FORGERY ATTACKS
Mitigation 1: Follow REST Principles
Mitigation 2: Implement Anti-CSRF Cookies
Mitigation 3: Use the SameSite Cookie Attribute
Bonus Mitigation: Require Reauthentication for Sensitive Actions
Mitigation 1: Use Third-Party Authentication
Mitigation 2: Integrate with Single Sign-On
Mitigation 3: Secure Your Own Authentication System
Requiring Usernames, Email Address, or Both
Requiring Multifactor Authentication
Implementing and Securing the Logout Function
Taking Advantage of Weak Session IDs
Designing an Authorization Model
Filepaths and Relative Filepaths
Anatomy of a Directory Traversal Attack
Mitigation 1: Trust Your Web Server
Mitigation 2: Use a Hosting Service
Mitigation 3: Use Indirect File References
Mitigation 4: Sanitize File References
Mitigation 1: Disable Telltale Server Headers
Mitigation 3: Use Generic Cookie Parameters
Mitigation 4: Disable Client-Side Error Reporting
Mitigation 5: Minify or Obfuscate Your JavaScript Files
Mitigation 6: Sanitize Your Client-Side Files
Stay on Top of Security Advisories
Encryption in the Internet Protocol
Encryption Algorithms, Hashing, and Message Authentication Codes
Obtaining a Digital Certificate
Installing a Digital Certificate
Know What Code You Are Running
Be Able to Deploy New Versions Quickly
Disable Open Directory Listings
Protect Your Configuration Information
Secure Administrative Frontends
Securing the Services That You Use
Secure Content Served by Third Parties
Review and Report Suspicious Ads
How Hackers Exploit External Entities
Implement a Sender Policy Framework
Implement DomainKeys Identified Mail
Securing Your Email: Practical Steps
Disguising Malicious Links in Email
Protecting Against Server-Side Forgery
Protecting Against Malware Infection
Denial-of-Service Attack Types
Internet Control Message Protocol Attacks
Transmission Control Protocol Attacks
Reflected and Amplified Attacks
Distributed Denial-of-Service Attacks
Unintentional Denial-of-Service Attacks
Denial-of-Service Attack Mitigation
Firewalls and Intrusion Prevention Systems