售价: ¥374.00 待定配送费
亚马逊的其他卖家
加入购物车
¥377.10
此商品可以享受免费配送 详情
卖家: 亚马逊
前翻 后翻
正在播放... 已暂停   您正在聆听的 Audible 音频版本的样品。
了解更多信息
查看全部 3 张图片

The Tangled Web: A Guide to Securing Modern Web Applications (英语) 平装 – 2011年11月19日

平均5.0 星 1 条商品评论
| 天天低价·正品质优
|
分享
广告

显示所有 2 格式和版本 隐藏其他格式和版本
亚马逊价格
全新品最低价 非全新品最低价
平装
"请重试"
¥374.00
¥374.00
促销信息: 优惠 买满 ¥168.00 立减 ¥20.00 共1个促销

全新品2 售价从 ¥374.00

『2016年度央视中国好书』震撼发布!
『2016年度央视中国好书』盘点了2016年唱响主旋律,传播正能量的好书,并通过演讲、访谈、朗读、电视短片等手段分享年度好书,让读者体会好书的文字之美、思想之美、情感之美和艺术之美,以及体验阅读的快乐与意义。 >点击查看『2016年度央视中国好书』完整书单

click to open popover

商品促销和特殊优惠
  • 买满 ¥168.00 立减 ¥20.00: 满足条件自动优惠

无需Kindle设备,下载免费Kindle阅读软件,即可在您的手机、电脑及平板电脑上畅享阅读。

  • iPhone/iPad/Mac
  • Android手机或平板电脑

请输入您的手机号码,获取Kindle阅读软件的下载链接。



基本信息

  • 出版社: No Starch Press,US (2011年11月19日)
  • 平装: 320页
  • 语种: 英语
  • ISBN: 1593273886
  • 条形码: 9781593273880
  • 商品尺寸: 17.8 x 2.1 x 22.9 cm
  • 商品重量: 603 g
  • ASIN: 1593273886
  • 用户评分: 平均5.0 星 1 条商品评论
  • 亚马逊热销商品排名: 图书商品里排第2,341,367名 (查看图书商品销售排行榜)
  • 您想告诉我们您发现了更低的价格?
    如果您是该商品的卖家,是否希望通过卖家支持建议更新

商品描述

作者简介

Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.

目录

PRAISE FOR THE TANGLED WEB; PRAISE FOR SILENCE ON THE WIRE BY MICHAL ZALEWSKI; Dedication; Preface; Acknowledgments; Chapter 1: Security in the World of Web Applications; 1.1 Information Security in a Nutshell; 1.2 A Brief History of the Web; 1.3 The Evolution of a Threat; 1.4 Global browser market share, May 2011; Anatomy of the Web; Chapter 2: It Starts with a URL; 2.1 Uniform Resource Locator Structure; 2.2 Reserved Characters and Percent Encoding; 2.3 Common URL Schemes and Their Function; 2.4 Resolution of Relative URLs; Chapter 3: Hypertext Transfer Protocol; 3.1 Basic Syntax of HTTP Traffic; 3.2 HTTP Request Types; 3.3 Server Response Codes; 3.4 Keepalive Sessions; 3.5 Chunked Data Transfers; 3.6 Caching Behavior; 3.7 HTTP Cookie Semantics; 3.8 HTTP Authentication; 3.9 Protocol-Level Encryption and Client Certificates; Chapter 4: Hypertext Markup Language; 4.1 Basic Concepts Behind HTML Documents; 4.2 Understanding HTML Parser Behavior; 4.3 Entity Encoding; 4.4 HTTP/HTML Integration Semantics; 4.5 Hyperlinking and Content Inclusion; Chapter 5: Cascading Style Sheets; 5.1 Basic CSS Syntax; 5.2 Parser Resynchronization Risks; 5.3 Character Encoding; Chapter 6: Browser-Side Scripts; 6.1 Basic Characteristics of JavaScript; 6.2 Standard Object Hierarchy; 6.3 Script Character Encoding; 6.4 Code Inclusion Modes and Nesting Risks; 6.5 The Living Dead: Visual Basic; Chapter 7: Non-HTML Document Types; 7.1 Plaintext Files; 7.2 Bitmap Images; 7.3 Audio and Video; 7.4 XML-Based Documents; 7.5 A Note on Nonrenderable File Types; Chapter 8: Content Rendering with Browser Plug-ins; 8.1 Invoking a Plug-in; 8.2 Document Rendering Helpers; 8.3 Plug-in-Based Application Frameworks; 8.4 ActiveX Controls; 8.5 Living with Other Plug-ins; Browser Security Features; Chapter 9: Content Isolation Logic; 9.1 Same-Origin Policy for the Document Object Model; 9.2 Same-Origin Policy for XMLHttpRequest; 9.3 Same-Origin Policy for Web Storage; 9.4 Security Policy for Cookies; 9.5 Plug-in Security Rules; 9.6 Coping with Ambiguous or Unexpected Origins; 9.7 Other Uses of Origins; Chapter 10: Origin Inheritance; 10.1 Origin Inheritance for about:blank; 10.2 Inheritance for data: URLs; 10.3 Inheritance for javascript: and vbscript: URLs; 10.4 A Note on Restricted Pseudo-URLs; Chapter 11: Life Outside Same-Origin Rules; 11.1 Window and Frame Interactions; 11.2 Cross-Domain Content Inclusion; 11.3 Privacy-Related Side Channels; 11.4 Other SOP Loopholes and Their Uses; Chapter 12: Other Security Boundaries; 12.1 Navigation to Sensitive Schemes; 12.2 Access to Internal Networks; 12.3 Prohibited Ports; 12.4 Limitations on Third-Party Cookies; Chapter 13: Content Recognition Mechanisms; 13.1 Document Type Detection Logic; 13.2 Character Set Handling; Chapter 14: Dealing with Rogue Scripts; 14.1 Denial-of-Service Attacks; 14.2 Window-Positioning and Appearance Problems; 14.3 Timing Attacks on User Interfaces; Chapter 15: Extrinsic Site Privileges; 15.1 Browser- and Plug-in-Managed Site Permissions; 15.2 Form-Based Password Managers; 15.3 Internet Explorer's Zone Model; A Glimpse of Things to Come; Chapter 16: New and Upcoming Security Features; 16.1 Security Model Extension Frameworks; 16.2 Security Model Restriction Frameworks; 16.3 Other Developments; Chapter 17: Other Browser Mechanisms of Note; 17.1 URL- and Protocol-Level Proposals; 17.2 Content-Level Features; 17.3 I/O Interfaces; Chapter 18: Common Web Vulnerabilities; 18.1 Vulnerabilities Specific to Web Applications; 18.2 Problems to Keep in Mind in Web Application Design; 18.3 Common Problems Unique to Server-Side Code; Epilogue; Notes;; UPDATES;

商品评论

平均5.0 星
5 星
1
4 星
0
3 星
0
2 星
0
1 星
0
查看买家评论
与其他用户分享您的观点

热门买家评论

版本: 平装 已确认购买
作者对web安全有非常清晰的理解和思路,是真正的知其然也知其所以然的书,也是市面上少见的关于浏览器安全的书籍。唯一要抱怨的就是,作者大人写得太简略了,内容太密集了,逻辑的跳跃有时候太快了,跟不上啊....
回应 这条评论对您有用吗? 正在提交你的反馈。
感谢您的反馈。
很抱歉,我们没有记录您的投票。请重试
举报

此商品在美国亚马逊上最有用的商品评论 (beta)

美国亚马逊: 平均4.3 星 34 条评论
平均5.0 星 Mandatory reading for every web developer 2012年6月10日
评论者 Ilya Grigorik - 已在美国亚马逊上发表
版本: 平装 已确认购买
"Gaining insights into the underlying mechanics of web applications is far more important that memorizing several thousand random and often unnecessary terms."

That one sentence sums up why "The Tangled Web" is, hands down, the best book on web and browser security. It is all too easy to criticize, lament, and create paranoid scenarios about the "unsound security foundations" of the web. Truth is, all of that criticism is true, and yet the web has proven to be an incredibly robust platform. In this book Michal Zalewski walks us through the history and the evolution of the architecture of the popular browsers, servers, protocols, and everything in between - as it relates security of modern web applications.

Instead of focusing on the usual security acronyms and "attack classes", this book will give you something much more powerful: a bottom up understanding of how a modern browser operates, why it does what it does, and what implications this has for designing more secure applications. This book should be mandatory reading for every web-developer. Highly recommend it.
平均5.0 星 Best applied tech book I've ever read 2013年4月12日
评论者 Maxim Kachurovskiy - 已在美国亚马逊上发表
版本: 平装 已确认购买
This book is AWESOME. One should not be allowed to work on sensitive product without studying it.

Before I didn't even realized that e.g. when Flash makes cross domain requests it appends all ambient credentials - and there are so many insights like this in this book.

While reading I also found a bunch of critical vulnerabilities in the projects I know.
平均5.0 星 Good guidance for developing secure web applications 2014年7月4日
评论者 rpm507 - 已在美国亚马逊上发表
版本: Kindle电子书 已确认购买
Did you know that every web application should have a crossdomain.xml? Check the top level of most popular sites. That is just one of the tips available in the Security Engineering Cheat Sheets in this book. Some of the content is a little dated but the guidance is very applicable.
6/7 人认为此评论有用
平均5.0 星 Systematic coverage of browser security 2011年12月1日
评论者 Marcin Antkiewicz - 已在美国亚马逊上发表
版本: 平装 已确认购买
The book provides systematic coverage of browser security. The first 6 pages of chapter 1 provide brilliant insight into why formal security models, risk management and taxonomies fail to deliver promised security improvements to organizations that embrace them. I used to explain the same with a lot of hand weaving, Zalewski's approach and insight are far superior.

Make no mistake, the book is focused on the browser and related technologies rather than the theory of security. The same tremendous insight, that made me nod with appreciation and wish that I had the book 5 years ago while working on security policies, illuminates browser concepts like in-browser content separation, scripting, and much more.

I appreciate the authors treatment of each of the concepts in the context of the browser as a complex and still evolving technology, with it's own history, standards, market requirements and politics.
平均4.0 星 Great reference book 2013年2月22日
评论者 Mathieu Baudet - 已在美国亚马逊上发表
版本: 平装 已确认购买
Solid content to help one understand all the sad quirks of our Web standards! A great reference book for all security web engineers.