SOLDES

Jusqu'à -70% sur une sélection d'articles*

Nouveauté

Finding and Fixing XSS. Detect and Defend Against Real-World XSS Attacks

Par : Roland Espinoza
Offrir maintenant
Ou planifier dans votre panier
Disponible dans votre compte client Decitre ou Furet du Nord dès validation de votre commande. Le format ePub est :
  • Compatible avec une lecture sur My Vivlio (smartphone, tablette, ordinateur)
  • Compatible avec une lecture sur liseuses Vivlio
  • Pour les liseuses autres que Vivlio, vous devez utiliser le logiciel Adobe Digital Edition. Non compatible avec la lecture sur les liseuses Kindle, Remarkable et Sony
Logo Vivlio, qui est-ce ?

Notre partenaire de plateforme de lecture numérique où vous retrouverez l'ensemble de vos ebooks gratuitement

Pour en savoir plus sur nos ebooks, consultez notre aide en ligne ici
C'est si simple ! Lisez votre ebook avec l'app Vivlio sur votre tablette, mobile ou ordinateur :
Google PlayApp Store
  • FormatePub
  • ISBN8259604698
  • EAN9798259604698
  • Date de parution29/06/2026
  • Protection num.pas de protection
  • Taille748 Ko
  • Infos supplémentairesepub
  • ÉditeurChiify

Résumé

Cross-site scripting is the most pervasive web security flaw, and Finding and Fixing XSS is your hands-on guide to mastering its detection and remediation. Whether you are a beginner developer or a seasoned pro, this book teaches you how to find reflected and stored XSS in real-world applications-and, crucially, how to write fixes that actually close the vulnerability for good. You will learn to spot XSS in every context: URL parameters, form inputs, JSON responses, and even inside JavaScript strings.
Through practical examples and step-by-step walkthroughs, you will understand why common mitigations like HTML encoding or input validation often fail, and how to implement proper output encoding, content security policies, and secure-by-design patterns. Each chapter builds on the last, moving from simple reflected flaws to complex stored attacks that persist across sessions. The book covers advanced topics such as DOM-based XSS, mutation XSS, and bypassing WAFs, all while emphasizing the mindset of a security engineer who thinks like an attacker.
You will also get a complete toolkit for testing your own applications: browser extensions, fuzzing techniques, and automated scanners-but with the caveat that no tool replaces understanding. Real-world case studies show how XSS was exploited in major breaches, and how the fixes were eventually applied. By the end, you will be able to audit any web application for XSS, write secure code from the start, and explain the risks to non-technical stakeholders.
This is not just a theory book-it is a workbook you will keep open on your desk. Competing titles like [placeholder] and [placeholder] cover XSS superficially, but this book goes deep into the mechanics of the attack and the exact code changes that close it. If you want to stop XSS for good, start here.