Black hat hackers inhabit the internet, seeking servers to take over and utilize for their own nefarious purposes. While developers do what they can to secure their code, sometimes they are unaware of holes or potential pitfalls that the hackers may take advantage of that exist in the code. To help educate these programmers, there is Web Security for Developers by Malcolm McDonald.
For those developers who are unfamiliar with hacking and exploits that are taken utilized by bad actors, Web Security for Developers introduces developers to hacking. The initial chapter of the book walks the reader through the steps to download and use Kali Linux like a hacker would, teaching the basics of hacking before taking the developer down the road to stop these activities.
Web Security for Developers takes a very basic view of hacking in order to introduce readers who are new to computer science and professional developer, but it also makes for a good review for more seasoned programmers. Before McDonald takes the reader on a tour of exploits, he breaks down how things work from a technical perspective. Chapters on How the Internet, Browsers, Web Servers, and Programmers Work each occupy a chapter to make up the first part of the book and give the necessary background on how things perform to make a website and the internet function.
Once the reader knows how things are supposed to work, the second part of the book takes the reader on how things get broken. Part 2 of Web Security for Developers is The Threats, showing what each of the major vulnerabilities are of websites and servers. Of course, once the vulnerabilities are on display, the reader does learn how to mitigate each of them to stop from being exploited on their own servers.
The vulnerabilities explored in Web Security for Developers are injection attacks, cross-site scripting attacks, cross-site request forgery attacks, compromising authentication, session hijacking, permissions, information leaks, encryption, third-party code, xml attacks, don’t be an accessory, and denial-of-service attacks. Each vulnerability also has multiple points of attack and points to secure, but each situation is covered in depth in easy to understand language that can make any developer more security oriented.
With zero day exploits regularly being revealed, it’s impossible for any book to cover every possible exploit, but Web Security for Developers will give any developer a strong grounding to cover the major technological abuses that an outsider may attempt on their servers. Web Security for Developers is written with the beginner in mind, but it is a good resource for developers at any level to fill in the holes in their knowledge or reinforce their existing expertise.