When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks?Trying to teach yourself about web security from the internet can feel like walking into a huge disorganized library—one where you can never find what you need, and the wrong advice might endanger your application! You need a single, all-in-one guide to securing your apps against all the attacks they can and will face. You need Grokking Web Application Security.This brilliantly illustrated and clearly written guide delivers detailed coverage on:Browser security, including sandboxing, the same-origin policy, and cookie securitySecuring web servers with input validation, escaping of output, and defense in depthA development process that prevents security bugsBrowser vulnerabilities, from cross-site scripting and cross-site request forgery, to clickjackingNetwork vulnerabilities, such as man-in-the-middle attacks, SSL-stripping, and DNS poisoningAuthentication vulnerabilities, such as brute forcing of credentials with single sign-on or multi-factor authenticationAuthorization vulnerabilities, such as broken access control and session jackingHow to use encryption in web applicationsInjection attacks, command execution attacks, and remote code execution attacksMalicious payloads that can be used to attack XML parsers and file upload functionsGrokking Web Application Security teaches you how to build web apps that are ready and resilient to any attack. It’s laser-focused on what the working programmer needs to know about web security. In it, you’ll find practical recommendations for both common and not-so-common vulnerabilities—everything from SQL injection to cross-site scripting inclusion attacks. You’ll learn what motivates hackers, discover the latest tools for identifying issues, and set up a development lifecycle that catches problems early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability.About the technologyApplication security is a front-burner concern for web developers. Whether working on the UI with a frontend framework or building out the server side, it’s up to you to understand the threats and know exactly how to keep the black hats from getting the upper hand.About the bookGrokking Web Application Security covers everything a working developer needs to know about securing applications in the browser and on the server. The tested techniques apply to any stack and are illustrated with concrete examples plucked from author Malcolm McDonald’s extensive career. You’ll discover must-implement security principles and even learn the fascinating tools and techniques the bad guys use to crack systems.What's insideA security-first development processEncryption in web applicationsSupply-chain and API attacksWhat to do when a hacker gets inAbout the readerFor readers who understand basic web application design and technologies.About the authorMalcolm McDonald is a security engineer with 20 years of experience across investment banking, start-ups, and PayPal, and he is the creator of hacksplaining.com.The technical editor on this book was Rajvardhan Oak. Table of ContentsPART 11 Know your enemy2 Browser security3 Encryption4 Web server security5 Security as a processPART 26 Browser vulnerabilities7 Network vulnerabilities8 Authentication vulnerabilities9 Session vulnerabilities10 Authorization vulnerabilities11 Payload vulnerabilities12 Injection vulnerabilities13 Vulnerabilities in third-party code14 Being an unwitting accomplice15 What to do when you get hackede