
Andrew Hoffman

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Andrew Hoffman defined the three pillars of application security in his book, and this revised and updated second edition examines dozens of related topics, from the latest types of attacks and mitigations to threat modeling, the secure software development lifecycle (SSDL/SDLC), and more.

Format: Paperback / softback
Length: 446 pages
Publication date: 02 February 2024
Publisher: O'Reilly Media


In the groundbreaking first edition of this highly acclaimed book, Andrew Hoffman meticulously outlined the three fundamental pillars of application security: reconnaissance, offense, and defense. In this revised and enhanced second edition, he delves into a multitude of related topics, encompassing the latest attack techniques and mitigation strategies, threat modeling, the secure software development lifecycle (SSDL/SDLC), and much more. Serving as a senior staff security engineer at Ripple, Hoffman also offers valuable insights into exploits and mitigations for various web application technologies, including GraphQL, cloud-based deployments, content delivery networks (CDN), and server-side rendering (SSR). This second edition follows the curriculum established in the first book, dividing itself into three distinct pillars, each encompassing three separate skill sets:

Pillar 1: Recon
In this pillar, Hoffman introduces readers to techniques for remotely mapping and documenting web applications, including practical procedures for working with web applications. He emphasizes the importance of understanding the underlying structure and functionality of web applications to effectively exploit vulnerabilities.

Pillar 2: Offense
In this pillar, Hoffman delves into the realm of attacking web applications using a diverse range of highly effective exploits. These skills are invaluable when combined with the knowledge gained from Pillar 3. Hoffman shares practical techniques and strategies that have been honed by the world's most skilled hackers, enabling readers to develop a comprehensive understanding of web application security.

Pillar 3: Defense
Building upon the skills acquired in the first two pillars, Hoffman guides readers in constructing robust and long-lasting mitigations for each of the attacks described in Pillar 2. He emphasizes the importance of proactive measures, such as vulnerability scanning, code review, and security testing, to identify and address potential vulnerabilities before they can be exploited.

This second edition of Andrew Hoffman's book is a comprehensive resource for anyone seeking to enhance their understanding of application security. It provides a thorough exploration of the latest trends, techniques, and best practices in the field, equipping readers with the knowledge and skills necessary to protect their web applications from emerging threats. Whether you are a security professional, developer, or simply interested in learning more about application security, this book is an essential read.

Weight: 764g
Dimension: 177 x 234 x 27 (mm)
ISBN-13: 9781098143930
Edition number: 2 Revised edition
