Website security made easy. This book covers the most common ways websites get hacked and how
web developers can defend themselves. The world has changed. Today every time you make a site
live you're opening it up to attack. A first-time developer can easily be discouraged by the
difficulties involved with properly securing a website. But have hope: an army of security
researchers is out there discovering documenting and fixing security flaws. Thankfully the
tools you'll need to secure your site are freely available and generally easy to use. Web
Security for Developers will teach you how your websites are vulnerable to attack and how to
protect them. Each chapter breaks down a major security vulnerability and explores a real-world
attack coupled with plenty of code to show you both the vulnerability and the fix. You'll
learn how to: • Protect against SQL injection attacks malicious JavaScript and cross-site
request forgery • Add authentication and shape access control to protect accounts • Lock down
user accounts to prevent attacks that rely on guessing passwords stealing sessions • or
escalating privileges • Implement encryption • Manage vulnerabilities in legacy code • Prevent
information leaks that disclose vulnerabilities • Mitigate advanced attacks like malvertising
and denial-of-service As you get stronger at identifying and fixing vulnerabilities you'll
learn to deploy disciplined secure code and become a better programmer along the way.
