The Web Security Topics Series

Web Application Attacks and Defences

Secure Communication

  • Nigel Chapman and Jenny Chapman
  • 978-0-9567370-6-9
  • MacAvon Media, pb. approx. 150 pages
  • To be published in July 2013

Recommended list prices: £7.99 (GBP), $11.49 (USD), €8.99 (EU) – prices at booksellers may vary.

A short book in the Web Security Topics series for Web developers, providing a clear guide to injection attacks and cross-site scripting attacks. Describes different kinds of attack, and explains how to ensure that malicious data to a Web application is either rejected or rendered harmless. Includes examples in JavaScript/Node.js, key points at the end of every section and a full glossary.

Provisional Description

Written for professional and student Web developers, this little book provides a clear guide to different kinds of malicious attack on Web applications, and the ways in which the developer can defend their application against these attacks.

Web applications may use secure communication and implement a secure authentication scheme, but still be vulnerable to attacks by way of specially crafted data that may be sent by malefactors. This book explains how requests which may seem legitimate can be used as a vehicle for injection attacks which access private files, execute commands on the server, generate bulk email, and execute database queries. It also describes those attacks, usually called cross-site scripting attacks, which rely on deceiving the Web application into executing JavaScript which can obtain data or cookies from visitors to the site.

The defence against such attacks is to ensure that malicious data submitted to the Web application is either rejected or rendered harmless. This guide describes how this can be achieved.

Short working programs written in JavaScript/Node.js are provided throughout the book and via the companion site websecuritytopics.info.

More information about this title will be provided here when it is published.