- Publisher: No Starch Press, US (November 19, 2011)
- Paperback: 320 pages
- Language: English
- ISBN: 1593273886
- Barcode: 9781593273880
- Product dimensions: 17.8 x 2.1 x 22.9 cm
- Item weight: 603 g
- ASIN: 1593273886
- Customer rating: 1 customer review
- Amazon Best Sellers Rank: #2,341,367 in Books
The Tangled Web: A Guide to Securing Modern Web Applications (English) Paperback – November 19, 2011
Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.
That one sentence sums up why "The Tangled Web" is, hands down, the best book on web and browser security. It is all too easy to criticize, lament, and create paranoid scenarios about the "unsound security foundations" of the web. Truth is, all of that criticism is true, and yet the web has proven to be an incredibly robust platform. In this book Michal Zalewski walks us through the history and the evolution of the architecture of the popular browsers, servers, protocols, and everything in between - as it relates to security of modern web applications.
Instead of focusing on the usual security acronyms and "attack classes", this book will give you something much more powerful: a bottom-up understanding of how a modern browser operates, why it does what it does, and what implications this has for designing more secure applications. This book should be mandatory reading for every web-developer. Highly recommend it.
Before, I didn't even realize that, e.g., when Flash makes cross-domain requests it appends all ambient credentials - and there are so many insights like this in this book.
While reading I also found a bunch of critical vulnerabilities in the projects I know.
Make no mistake, the book is focused on the browser and related technologies rather than the theory of security. The same tremendous insight, that made me nod with appreciation and wish that I had the book 5 years ago while working on security policies, illuminates browser concepts like in-browser content separation, scripting, and much more.
I appreciate the author's treatment of each of the concepts in the context of the browser as a complex and still evolving technology, with its own history, standards, market requirements and politics.