Abstract

This chapter discusses best practices for securing Web applications and pinpoints common mistakes developers tend to make in this regard. This knowledge is useful both for developers and for attackers without a development background, who often do not know how Web developers think and work; understanding that is often half the battle in finding Web application bugs more efficiently. Experienced penetration testers and attackers often only need to see a particular feature to know that it is vulnerable, or is likely to be. General code injections are discussed, including cross-site scripting attacks, code injections and similar attacks. The chapter also presents techniques with which readers should be able to create a client-side sandbox that takes setter assignments into account. This is useful for client-side malware analysis, as it allows one to execute the code while preventing actual DOM manipulation and still monitoring what has been assigned. If untrusted code is to be handled and included on a Web site, for example code from users or from online advertisements, this chapter gives readers the groundwork and the knowledge to create their own system or to implement an existing one correctly. Programmers who test and break their own code produce better-quality code that is more secure than that of programmers who do not.
