售价: ¥366.00 待定配送费
前翻 后翻
正在播放... 已暂停   您正在聆听的 Audible 音频版本的样品。
了解更多信息
查看全部 3 张图片

The Tangled Web (英语) 平装 – 2011年11月19日

平均5.0 星 1 条商品评论
| 天天低价·正品质优
|
分享
广告

显示所有 2 格式和版本 隐藏其他格式和版本
亚马逊价格
全新品最低价 非全新品最低价
平装
"请重试"
¥366.00
¥366.00
促销信息: 优惠 买满 ¥99.00 立减 ¥10.00 共1个促销

 

click to open popover

商品促销和特殊优惠
  • 买满 ¥99.00 立减 ¥10.00: 满足条件自动优惠

无需Kindle设备,下载免费Kindle阅读软件,即可在您的手机、电脑及平板电脑上畅享阅读。

  • iPhone/iPad/Mac
  • Android手机或平板电脑

请输入您的手机号码,获取Kindle阅读软件的下载链接。



基本信息

  • 出版社: No Starch Press,US (2011年11月19日)
  • 平装: 320页
  • 语种: 英语
  • ISBN: 1593273886
  • 条形码: 9781593273880
  • 商品尺寸: 17.8 x 2.1 x 22.9 cm
  • 商品重量: 603 g
  • ASIN: 1593273886
  • 用户评分: 平均5.0 星 1 条商品评论
  • 亚马逊热销商品排名: 图书商品里排第2,424,039名 (查看图书商品销售排行榜)
  • 您想告诉我们您发现了更低的价格?

商品描述

作者简介

Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.

目录

PRAISE FOR THE TANGLED WEB; PRAISE FOR SILENCE ON THE WIRE BY MICHAL ZALEWSKI; Dedication; Preface; Acknowledgments; Chapter 1: Security in the World of Web Applications; 1.1 Information Security in a Nutshell; 1.2 A Brief History of the Web; 1.3 The Evolution of a Threat; 1.4 Global browser market share, May 2011; Anatomy of the Web; Chapter 2: It Starts with a URL; 2.1 Uniform Resource Locator Structure; 2.2 Reserved Characters and Percent Encoding; 2.3 Common URL Schemes and Their Function; 2.4 Resolution of Relative URLs; Chapter 3: Hypertext Transfer Protocol; 3.1 Basic Syntax of HTTP Traffic; 3.2 HTTP Request Types; 3.3 Server Response Codes; 3.4 Keepalive Sessions; 3.5 Chunked Data Transfers; 3.6 Caching Behavior; 3.7 HTTP Cookie Semantics; 3.8 HTTP Authentication; 3.9 Protocol-Level Encryption and Client Certificates; Chapter 4: Hypertext Markup Language; 4.1 Basic Concepts Behind HTML Documents; 4.2 Understanding HTML Parser Behavior; 4.3 Entity Encoding; 4.4 HTTP/HTML Integration Semantics; 4.5 Hyperlinking and Content Inclusion; Chapter 5: Cascading Style Sheets; 5.1 Basic CSS Syntax; 5.2 Parser Resynchronization Risks; 5.3 Character Encoding; Chapter 6: Browser-Side Scripts; 6.1 Basic Characteristics of JavaScript; 6.2 Standard Object Hierarchy; 6.3 Script Character Encoding; 6.4 Code Inclusion Modes and Nesting Risks; 6.5 The Living Dead: Visual Basic; Chapter 7: Non-HTML Document Types; 7.1 Plaintext Files; 7.2 Bitmap Images; 7.3 Audio and Video; 7.4 XML-Based Documents; 7.5 A Note on Nonrenderable File Types; Chapter 8: Content Rendering with Browser Plug-ins; 8.1 Invoking a Plug-in; 8.2 Document Rendering Helpers; 8.3 Plug-in-Based Application Frameworks; 8.4 ActiveX Controls; 8.5 Living with Other Plug-ins; Browser Security Features; Chapter 9: Content Isolation Logic; 9.1 Same-Origin Policy for the Document Object Model; 9.2 Same-Origin Policy for XMLHttpRequest; 9.3 Same-Origin Policy for Web Storage; 9.4 Security Policy for Cookies; 9.5 Plug-in Security Rules; 9.6 Coping with Ambiguous or Unexpected Origins; 9.7 Other Uses of Origins; Chapter 10: Origin Inheritance; 10.1 Origin Inheritance for about:blank; 10.2 Inheritance for data: URLs; 10.3 Inheritance for javascript: and vbscript: URLs; 10.4 A Note on Restricted Pseudo-URLs; Chapter 11: Life Outside Same-Origin Rules; 11.1 Window and Frame Interactions; 11.2 Cross-Domain Content Inclusion; 11.3 Privacy-Related Side Channels; 11.4 Other SOP Loopholes and Their Uses; Chapter 12: Other Security Boundaries; 12.1 Navigation to Sensitive Schemes; 12.2 Access to Internal Networks; 12.3 Prohibited Ports; 12.4 Limitations on Third-Party Cookies; Chapter 13: Content Recognition Mechanisms; 13.1 Document Type Detection Logic; 13.2 Character Set Handling; Chapter 14: Dealing with Rogue Scripts; 14.1 Denial-of-Service Attacks; 14.2 Window-Positioning and Appearance Problems; 14.3 Timing Attacks on User Interfaces; Chapter 15: Extrinsic Site Privileges; 15.1 Browser- and Plug-in-Managed Site Permissions; 15.2 Form-Based Password Managers; 15.3 Internet Explorer's Zone Model; A Glimpse of Things to Come; Chapter 16: New and Upcoming Security Features; 16.1 Security Model Extension Frameworks; 16.2 Security Model Restriction Frameworks; 16.3 Other Developments; Chapter 17: Other Browser Mechanisms of Note; 17.1 URL- and Protocol-Level Proposals; 17.2 Content-Level Features; 17.3 I/O Interfaces; Chapter 18: Common Web Vulnerabilities; 18.1 Vulnerabilities Specific to Web Applications; 18.2 Problems to Keep in Mind in Web Application Design; 18.3 Common Problems Unique to Server-Side Code; Epilogue; Notes;; UPDATES;

商品评论

平均5.0 星
5 星
1
4 星
0
3 星
0
2 星
0
1 星
0
查看买家评论
与其他用户分享您的观点

热门买家评论

版本: 平装 已确认购买
作者对web安全有非常清晰的理解和思路,是真正的知其然也知其所以然的书,也是市面上少见的关于浏览器安全的书籍。唯一要抱怨的就是,作者大人写得太简略了,内容太密集了,逻辑的跳跃有时候太快了,跟不上啊....
回应 这条评论对您有用吗? 正在提交你的反馈。
感谢您的反馈。
很抱歉,我们没有记录您的投票。请重试
举报

此商品在美国亚马逊上最有用的商品评论 (beta) (可能包括"Early Reviewer Rewards Program"的评论)

美国亚马逊: 平均4.0 星 35 条评论
平均5.0 星 Mandatory reading for every web developer 2012年6月10日
评论者 Ilya Grigorik - 已在美国亚马逊上发表
版本: 平装 已确认购买
"Gaining insights into the underlying mechanics of web applications is far more important that memorizing several thousand random and often unnecessary terms."

That one sentence sums up why "The Tangled Web" is, hands down, the best book on web and browser security. It is all too easy to criticize, lament, and create paranoid scenarios about the "unsound security foundations" of the web. Truth is, all of that criticism is true, and yet the web has proven to be an incredibly robust platform. In this book Michal Zalewski walks us through the history and the evolution of the architecture of the popular browsers, servers, protocols, and everything in between - as it relates security of modern web applications.

Instead of focusing on the usual security acronyms and "attack classes", this book will give you something much more powerful: a bottom up understanding of how a modern browser operates, why it does what it does, and what implications this has for designing more secure applications. This book should be mandatory reading for every web-developer. Highly recommend it.
1/2 人认为此评论有用
平均1.0 星 I don't understand what the hype around this book is about 2017年5月7日
评论者 Pen Name - 已在美国亚马逊上发表
版本: 平装 已确认购买
I am a software engineer currently working on several web app projects. I have a moderate background in web app security and I bought this book in order to gain better insight on the subject.
This book is poorly structured. It seems like the author compiled his scribbles and notes into a book without considering how they would fit together. The content is superficial at best and lacks examples. Moreover, it seems like the author has used this book as a stage to talk negatively on internet Explorer (we get it, it's a bad browser). I tried to give this book multiple chances but had to stop reading it around page 150. It's simply a bad book.
I recommend to stay away from this book and consider other options (such as Web App Hacker Handbook) to anyone interested to learn web app security.
平均5.0 星 Best applied tech book I've ever read 2013年4月12日
评论者 Maxim Kachurovskiy - 已在美国亚马逊上发表
版本: 平装 已确认购买
This book is AWESOME. One should not be allowed to work on sensitive product without studying it.

Before I didn't even realized that e.g. when Flash makes cross domain requests it appends all ambient credentials - and there are so many insights like this in this book.

While reading I also found a bunch of critical vulnerabilities in the projects I know.
6/7 人认为此评论有用
平均5.0 星 Systematic coverage of browser security 2011年12月1日
评论者 Marcin Antkiewicz - 已在美国亚马逊上发表
版本: 平装 已确认购买
The book provides systematic coverage of browser security. The first 6 pages of chapter 1 provide brilliant insight into why formal security models, risk management and taxonomies fail to deliver promised security improvements to organizations that embrace them. I used to explain the same with a lot of hand weaving, Zalewski's approach and insight are far superior.

Make no mistake, the book is focused on the browser and related technologies rather than the theory of security. The same tremendous insight, that made me nod with appreciation and wish that I had the book 5 years ago while working on security policies, illuminates browser concepts like in-browser content separation, scripting, and much more.

I appreciate the authors treatment of each of the concepts in the context of the browser as a complex and still evolving technology, with it's own history, standards, market requirements and politics.