Librería Portfolio

SECURITY FOR WEB DEVELOPERS. USING JAVASCRIPT, HTML, AND CSS
Title: SECURITY FOR WEB DEVELOPERS. USING JAVASCRIPT, HTML, AND CSS
Author: MUELLER, J.P
Publisher: O'REILLY
Year of publication: 2016
Subject: SECURITY AND CRYPTOGRAPHY
ISBN: 978-1-4919-2864-6
Pages: 384
43,95 €

 

Synopsis

As a web developer, you may not want to spend time making your web app secure, but it definitely comes with the territory. This practical guide provides you with the latest information on how to thwart security threats at several levels, including new areas such as microservices. You'll learn how to help protect your app no matter where it runs, from the latest smartphone to an older desktop, and everything in between.

Author John Paul Mueller delivers specific advice as well as several security programming examples for developers with a good knowledge of CSS3, HTML5, and JavaScript. In five separate sections, this book shows you how to protect against viruses, DDoS attacks, security breaches, and other nasty intrusions.

Create a security plan for your organization that takes the latest devices and user needs into account
Develop secure interfaces, and safely incorporate third-party code from libraries, APIs, and microservices
Use sandboxing techniques, in-house and third-party testing techniques, and learn to think like a hacker
Implement a maintenance cycle by determining when and how to update your application software
Learn techniques for efficiently tracking security threats as well as training requirements that your organization can use



Developing a Security Plan
Chapter 1: Defining the Application Environment
Specifying Web Application Threats
Understanding Software Security Assurance (SSA)
Delving into Language-Specific Issues
Considering Endpoint Defense Essentials
Dealing with Cloud Storage
Using External Code and Resources
Allowing Access by Others
Chapter 2: Embracing User Needs and Expectations
Developing a User View of the Application
Considering Bring Your Own Device (BYOD) Issues
Devising Password Alternatives
Focusing on User Expectations
Chapter 3: Getting Third-Party Assistance
Discovering Third-Party Security Solutions
Considering Cloud Security Solutions
Choosing Between Product Types
Applying Successful Coding Practices
Chapter 4: Developing Successful Interfaces
Assessing the User Interface
Providing Controlled Choices
Choosing a User Interface Solution Level
Validating the Input
Expecting the Unexpected
Chapter 5: Building Reliable Code
Differentiating Reliability and Security
Developing Team Protocols
Creating a Lessons Learned Feedback Loop
Considering Issues of Packaged Solutions
Chapter 6: Incorporating Libraries
Considering Library Uses
Differentiating Between Internally Stored and Externally Stored Libraries
Defining the Security Threats Posed by Libraries
Incorporating Libraries Safely
Differentiating Between Libraries and Frameworks
Chapter 7: Using APIs with Care
Differentiating Between APIs and Libraries
Extending JavaScript Using APIs
Defining the Security Threats Posed by APIs
Accessing APIs Safely from JavaScript
Chapter 8: Considering the Use of Microservices
Defining Microservices
Making Microservice Calls Using JavaScript
Defining the Security Threats Posed by Microservices
Creating Alternate Microservice Paths
Creating Useful and Efficient Testing Strategies
Chapter 9: Thinking Like a Hacker
Defining a Need for Web Security Scans
Building a Testing System
Defining the Most Common Breach Sources
Testing in a BYOD Environment
Relying on User Testing
Using Outside Security Testers
Chapter 10: Creating an API Safety Zone
Understanding the Concept of an API Safety Zone
Defining the Need for an API Safety Zone
Developing with an API Sandbox
Considering Virtual Environments
Chapter 11: Checking Libraries and APIs for Holes
Creating a Testing Plan
Testing Libraries and APIs Individually
Performing Integration Testing
Testing for Language-Specific Issues
Chapter 12: Using Third-Party Testing
Locating Third-Party Testing Services
Creating a Testing Plan
Implementing a Testing Plan
Using the Resulting Reports
Implementing a Maintenance Cycle
Chapter 13: Clearly Defining Upgrade Cycles
Developing a Detailed Upgrade Cycle Plan
Creating an Upgrade Testing Schedule
Moving an Upgrade to Production
Chapter 14: Considering Update Options
Differentiating Between Upgrades and Updates
Determining When to Update
Updating Language Suites
Performing Emergency Updates
Creating an Update Testing Schedule
Chapter 15: Considering the Need for Reports
Using Reports to Make Changes
Creating Internal Reports
Relying on Externally Generated Reports
Providing for User Feedback
Locating Security Resources
Chapter 16: Tracking Current Security Threats
Developing Sources for Security Threat Information
Avoiding Information Overload
Creating a Plan for Upgrades Based on Threats
Creating a Plan for Updates Based on Threats
Chapter 17: Getting Required Training
Creating an In-House Security Training Plan
Obtaining Third-Party Training for Developers
Ensuring Users Are Security Aware