"In the first edition of this critically acclaimed book Andrew Hoffman defined the three
pillars of application security: reconnaissance offense and defense. In this revised and
updated second edition he examines dozens of related topics from the latest types of attacks
and mitigations to threat modeling the secure software development lifecycle (SSDL SDLC) and
more. Hoffman senior staff security engineer at Ripple also provides information regarding
exploits and mitigations for several additional web application technologies such as GraphQL
cloud-based deployments content delivery networks (CDN) and server-side rendering (SSR).
Following the curriculum from the first book this second edition is split into three distinct
pillars comprising three separate skill sets: Pillar 1: Recon -- Learn techniques for mapping
and documenting web applications remotely including procedures for working with web
applications Pillar 2: Offense --- Explore methods for attacking web applications using a
number of highly effective exploits that have been proven by the best hackers in the world.
These skills are valuable when used alongside the skills from Pillar 3. Pillar 3: Defense --
Build on skills acquired in the first two parts to construct effective and long-lived
mitigations for each of the attacks described in Pillar 2."--
