The Tangled Web – A Guide to Securing Modern Web Applications, Michal Zalewski, 2012
Web application programmers will want to read this timely and important book. 250 pages. Contents:
- Security in the world of Web applications
- Part I: Anatomy of the Web
- It starts with a URL
- Hypertext transfer protocol
- Hypertext markup language
- Cascading style sheets
- Browser-side scripts
- Non-HTML document types
- Content rendering with browser plug-ins
- Part II: Browser security features
- Content isolation logic
- Origin inheritance
- Life outside same-origin rules
- Other security boundaries
- Content recognition mechanisms
- Dealing with rogue scripts
- Extrinsic site privileges
- Part III: A glimpse of things to come
- New and upcoming security features
- Other browser mechanisms of note
- Common Web vulnerabilities