Grokking Web Application Security teaches you how to build web apps that are ready for and resilient to any attack. You'll learn what motivates hackers to hack a site, discover the latest tools for identifying security issues, and set up a development lifecycle that catches security issues early.

When you launch an application on the web, every hacker in the world has access to it. Are you sure your web apps can stand up to the most sophisticated attacks?

Grokking Web Application Security is a brilliantly illustrated and clearly written guide that delivers detailed coverage on:

• How the browser security model works, including sandboxing, the same-origin policy, and methods of securing cookies
• Securing web servers with input validation, escaping of output, and defense in depth
• A development process that prevents security bugs
• Protecting yourself from browser vulnerabilities such as cross-site scripting, cross-site request forgery, and clickjacking
• Network vulnerabilities like man-in-the-middle attacks, SSL-stripping, and DNS poisoning
• Preventing authentication vulnerabilities that allow brute forcing of credentials by using single sign-on or multi-factor authentication
• Authorization vulnerabilities like broken access control and session jacking
• How to use encryption in web applications
• Injection attacks, command execution attacks, and remote code execution attacks
• Malicious payloads that can be used to attack XML parsers, and file upload functions