Hacksplaining is now a book! Hacksplaining has partnered with No Starch Press to put all your essential web security knowledge into dead-tree form.

Web Security for Developers will teach you how your websites are vulnerable to attack and how to protect them. Each chapter breaks down a major security vulnerability and explores a real-world attack, coupled with plenty of code to show you both the vulnerability and the fix. You’ll learn how to:

  • Protect against SQL injection attacks, malicious JavaScript, and cross-site request forgery
  • Add authentication and shape access control to protect accounts
  • Lock down user accounts to prevent attacks that rely on guessing passwords, stealing sessions, or escalating privileges
  • Implement encryption
  • Manage vulnerabilities in legacy code
  • Prevent information leaks that disclose vulnerabilities
  • Mitigate advanced attacks like malvertising and denial-of-service

Read the First Chapter!

What's in the Book

  • Introduction
  • Chapter 1: Let’s Hack a Website

Part I: The Basics

  • Chapter 2: How the Internet Works
  • Chapter 3: How Browsers Work
  • Chapter 4: How Web Servers Work
  • Chapter 5: How Programmers Work
  • Chapter 6: Injection Attacks

Part II: The Threats

  • Chapter 7: Cross-Site Scripting Attacks
  • Chapter 8: Cross-Site Request Forgery Attacks
  • Chapter 9: Compromising Authentication
  • Chapter 10: Session Hijacking
  • Chapter 11: Permissions
  • Chapter 12: Information Leaks
  • Chapter 13: Encryption
  • Chapter 14: Third-party Code
  • Chapter 15: XML Attacks
  • Chapter 16: Don't Be an Accessory
  • Chapter 17: Denial-of-Service Attacks
  • Chapter 18: Summing Up
  • Index

Product Details

Published: June 2020
Pages: 216
ISBN-13: 9781593279943