Secure Web Application Development: A Hands-On Guide with Python and Django

  • Author: Matthew Baker
  • Length: 483 pages
  • Edition: 1
  • Publisher: Apress
  • Publication Date: 2022-11-12
  • ISBN-10: 1484285956
  • ISBN-13: 9781484285954
  • Sales Rank: #3737297



    Book Description

    Cyberattacks are becoming more commonplace, and the Open Web Application Security Project (OWASP) estimates 94% of sites have flaws in their access control alone. Attacks evolve to work around new defenses, and defenses must evolve to remain effective. Developers need to understand the fundamentals of attacks and defenses in order to comprehend new techniques as they become available. This book teaches you how to write secure web applications.

    The focus is highlighting how hackers attack applications along with a broad arsenal of defenses. This will enable you to pick appropriate techniques to close vulnerabilities while still providing users with their needed functionality.

    Topics covered include:

    • A framework for deciding what needs to be protected and how strongly
    • Configuring services such as databases and web servers
    • Safe use of HTTP methods such as GET, POST, etc., cookies and use of HTTPS
    • Safe REST APIs
    • Server-side attacks and defenses such as injection and cross-site scripting
    • Client-side attacks and defenses such as cross-site request forgery
    • Security techniques such as CORS, CSP
    • Password management, authentication and authorization, including OAuth2
    • Best practices for dangerous operations such as password change and reset
    • Use of third-party components and supply chain security (Git, CI/CD, etc.)

    What You’ll Learn

    • Review the defenses that can be used to prevent attacks
    • Model risks to better understand what to defend and how
    • Choose appropriate techniques to defend against attacks
    • Implement defenses in Python/Django applications

    Who This Book Is For

    • Developers who already know how to build web applications but need to know more about security
    • Non-professional software engineers, such as scientists, who must develop web tools and want to make their algorithms available to a wider audience.
    • Engineers and managers who are responsible for their product/company technical security policy
