"Preface In mid-2010, Zhang Chunyu asked me if I could write a book on cloud computing. While the concept of cloud computing is very popular, there is not enough written material on how to handle this. Though I have kept myself up to date with this technology, I declined Zhang's request as the prospects in the field were not clear and instead wrote this book on web security. My Road of Security My interest in security developed when I was a student, after I got a book on hacking with no ISBN from the black market. The book had a teaching course on coolfire, which intrigued me. Ever since, I have been hooked to hacking and have taken much interest in practicing the techniques covered in these types of books. In 2000, I joined Xi'an Jiaotong University. Fortunately for me, the computer room at the university was open even after school hours. Though the price of online browsing was high, I invested most of my living expenses in the computer room. In return, I was gaining more knowledge in this field. With the momentum gained at university, I soon got my first computer with the help of my parents. This only helped to increase my interest in the field. In a short while, I collaborated with my friends to set up a technical organization called ph4nt0m.org, named after my favorite comic character. Though the organization did not last long, it helped groom top talents through communication forums that it initiated. This was the proudest achievement in the 20 years of my life. Due to the openness of the Internet and the advances in technology, I have witnessed nearly all the developments in Internet security in the last decade. During the first five years, I witnessed the technology in penetrating tests, cache overflow, and web hacking
for the next five years"-- Provided by publisher. "This book introduces nearly all aspects of web security. It reveals how hackers work and explains why companies of different scale should choose their own methodology of security. With in depth analysis of the reasons behind the choices, the book covers client script security, server applications security, and Internet company security operations. It also includes coverage of browser security, cross sites script attacks, click jacking, HTML5/PHP security, injection attacks, authentication, session management, access control, web frame security, DDOS, leaks, Internet transactions security, security development lifecycle, and security operations. "-- Provided by publisher.
Includes bibliographical references and index.