Skip to content

FREE SHIPPING ON ALL ORDERS OVER $200USD (~800 ZŁ) - SHOP NOW 📦

Security of web applications

Sold out
Original price 108.00 zł - Original price 168.00 zł
Original price
108.00 zł
108.00 zł - 168.00 zł
Current price 108.00 zł
🎯 Buy and collect 108 points for your next purchase.
Choose a Editions

A must-read for anyone interested in cybersecurity.
The first project of this type on the Polish market. Fully written by Polish pentesters, specialists in their industries.

Released by Securitum, edited by Michał Sajdak .

For whom?

  • For developers to build awareness of threats and learn how to protect applications.
  • For testers to learn key tools and learn about cybersecurity
  • For pentesters to learn unique offensive techniques and build a workshop

Contents:

Entry.

  • Preface [Gynvael Coldwind]
  • Legal aspects of offensive IT security [Bohdan Widła]
  • Basics of the HTTP protocol [free download in PDF] [Michał Sajdak]
  • Burp Suite Community Edition - introduction to HTTP proxy support [Marcin Piosek]
  • HTTP/2 protocol - faster, but also safer? [Michael Sajdak]
  • HTTP headers in the context of security [Artur Czyż]
  • Chrome DevTools in the service of web application security [Rafał Janicki]
  • Static password security [Adrian Michalczyk]

Reconnaissance

  • Reconnaissance of web applications (target search) [Michał Sajdak]
  • Hidden directories and files as a source of information about Internet applications [Rafał Janicki]

Vulnerabilities

  • Cross-Site Scripting (XSS) vulnerability [Michael Bentkowski]
  • Content Security Policy (CSP) [Michał Bentkowski]
  • Same-Origin Policy and Cross-Origin Resource Sharing (CORS) [Mateusz Niezabitowski]
  • Cross-Site Request Forgery (CSRF) vulnerability [Michał Sajdak]
  • Server-Side Template Injection (SSTI) vulnerability [Mateusz Niezabitowski]
  • Server-Side Request Forgery (SSRF) vulnerability [Michał Sajdak]
  • SQL injection vulnerability [Michał Bentkowski]
  • Path Traversal vulnerability [Marcin Piosek]
  • Vulnerabilities Command Injection / Code Injection [Marcin Piosek]

other areas

  • Authentication, session management, authorization [Marcin Piosek]
  • Pitfalls in processing XML files [Michał Bentkowski]
  • REST API security [Michał Sajdak]
  • Dangers of JSON Web Token (JWT) [Michał Sajdak]
  • Advantages and disadvantages of OAuth 2.0 from the security perspective [Marcin Piosek]
  • WebSocket security [Marcin Piosek]
  • Introduction to Bug Bounty Programs [Jarosław Kamiński]
  • SameSite flag - how does it work and what does it protect against? [Marcin Piosek]

Deserialization

  • Dangers of deserialization in PHP [Michał Bentkowski]
  • Dangers of deserialization in Python (pickle module) [Michał Bentkowski]
  • Dangers of deserialization in .NET [Grzegorz Trawiński]
  • Dangers of deserialization in Java [Mateusz Niezabitowski]

Specification:

- Polish language
- Approximately 800 pages
- 10 authors
- 30 chapters
- Integrated luminaire

It is possible to order a book with the signatures of several authors.