Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Cart
Close icon
You have no products in your basket yet
Save more on your purchases!
Savings automatically calculated. No voucher code required
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Security-Driven Software Development

You're reading from  Security-Driven Software Development

Product type Book
Published in Mar 2024
Publisher Packt
ISBN-13 9781835462836
Pages 262 pages
Edition 1st Edition
Languages
Concepts
Author (1):
Aspen Olmsted Aspen Olmsted
Profile icon Aspen Olmsted
LinkedIn
Aspen Olmsted is an associate professor and program director at Wentworth Institute of Technology in the Computer Science department. He obtained a Ph.D. in Computer Science and Engineering from The University of South Carolina. Before his academic career, he was CEO of Alliance Software Corporation. Alliance Software developed N-Tier enterprise applications for the performing arts and humanities market. Dr Olmsted's research focus is on the development of algorithms and architectures for distributed enterprise solutions that can guarantee security and correctness while maintaining high-availability. In his Secure Data Engineering Lab, Aspen mentors over a dozen graduate and undergraduate students each year.
Read more
See other products by Aspen Olmsted
Toc

Table of Contents (20) Chapters close

Preface 1. Part 1: Modeling a Secure Application
2. Chapter 1: Security Principles 3. Chapter 2: Designing a Secure Functional Model 4. Chapter 3: Designing a Secure Object Model 5. Chapter 4: Designing a Secure Dynamic Model 6. Chapter 5: Designing a Secure System Model 7. Chapter 6: Threat Modeling 8. Part 2: Mitigating Risks in Implementation
9. Chapter 7: Authentication and Authorization 10. Chapter 8: Input Validation and Sanitization 11. Chapter 9: Standard Web Application Vulnerabilities 12. Chapter 10: Database Security 13. Part 3: Security Validation
14. Chapter 11: Unit Testing 15. Chapter 12: Regression Testing 16. Chapter 13: Integration, System, and Acceptance Testing 17. Chapter 14: Software Penetration Testing 18. Index 19. Other Books You May Enjoy

Request forgery

Cross-Site Request Forgery (CSRF), is a web security vulnerability that occurs when an attacker fools the browser into doing an unwanted action on a third-party trusted site. The user is authenticated on the third-party site, and the CSRF attack exploits that authentication. One of the most infamous CSRF attacks occurred in 2008 and targeted the WordPress blogging application. The attack is known as the “Samy Worm” because Samy Kamkar created it.

Here’s an overview of CSRF and preventive measures:

  • CSRF attack scenario:
    • An attacker tricks a user into loading a page that contains a malicious request
    • The malicious request is crafted to act on a target site where the user is authenticated (e.g., changing account settings or making a purchase)
    • Since the user is authenticated on the target site, the browser includes the user’s session cookie in the request, making it appear legitimate to the target site
    • The target site unknowingly processes...
lock icon The rest of the chapter is locked
arrow left Previous Section
Section 4 of 9
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at €14.99/month. Cancel anytime}

Authors (1)

Left arrow icon
Profile icon Aspen Olmsted
LinkedIn
Aspen Olmsted is an associate professor and program director at Wentworth Institute of Technology in the Computer Science department. He obtained a Ph.D. in Computer Science and Engineering from The University of South Carolina. Before his academic career, he was CEO of Alliance Software Corporation. Alliance Software developed N-Tier enterprise applications for the performing arts and humanities market. Dr Olmsted's research focus is on the development of algorithms and architectures for distributed enterprise solutions that can guarantee security and correctness while maintaining high-availability. In his Secure Data Engineering Lab, Aspen mentors over a dozen graduate and undergraduate students each year.
Read more
See other products by Aspen Olmsted
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
C++ Programming for Linux Systems
C++ Programming for Linux Systems
Read more
This book covers the essential system programming tools and helps you explore the features of C++20. It emphasizes important details to maintain code quality and tackle everyday challenges of developing software for high performance, optimization, and more.
Read more
Sep 2023 9 hours 36 minutes
Expert C++
Expert C++
Read more
Discover advanced programming techniques, the latest features of C++17 and C++20, and best practices for memory management, debugging, testing, and large-scale application design with Expert C++. Ideal for experienced developers advancing to proficient programmers and building professional-grade C++ applications.
Read more
Aug 2023 20 hours 8 minutes
iOS 17 Programming for Beginners
iOS 17 Programming for Beginners
Read more
iOS 17 Programming for Beginners, Eighth Edition is your comprehensive guide to learning the art of iOS app development. Whether you dream of creating the next chart-topping app or simply want to enhance your programming skills, this book is your trusted companion on this exciting journey.
Read more
Oct 2023 20 hours 8 minutes
Developer Career Masterplan
Developer Career Masterplan
Read more
Written by industry experts that have spent the last 20+ years helping developers grow their career path towards senior developer positions and beyond. This book provides a comprehensive guide, sharing examples and stories from their global careers. By the end, you’ll have the knowledge to create a clear career progression plan as a technical professional.
Read more
Sep 2023 10 hours 20 minutes
Refactoring with C#
Refactoring with C#
Read more
In Refactoring with C#, you’ll explore the process of safely refactoring modern .NET code using Visual Studio features, advanced unit tests, AI assistance, and custom Roslyn analyzers.
Read more
Nov 2023 14 hours 28 minutes
Python Real-World Projects
Python Real-World Projects
Read more
Amplify your developer journey by curating a dynamic project portfolio that outshines traditional resumes. Delve into the Python realm through immersive projects, mastering core concepts while constructing comprehensive modules and applications. From data acquisition prowess to impactful data visualization, Python Real-World Projects arms you with essential skills to beat the competition.
Read more
Sep 2023 15 hours 56 minutes
The MVVM Pattern in .NET MAUI
The MVVM Pattern in .NET MAUI
Read more
The MVVM Pattern in .NET MAUI enables developers to master MVVM principles and effectively apply them to .NET MAUI. This book uses real-life examples and covers complex problems to help you successfully apply MVVM with .NET MAUI to confidently develop robust and high-performing cross-platform apps.
Read more
Nov 2023 12 hours 52 minutes
Extending Microsoft Business Central with Power Platform
Extending Microsoft Business Central with Power Platform
Read more
Extending Business Central with the Power Platform is a step-by-step guide for Business Central professionals to create solutions that automate business processes, explain complex workflow approvals, and integrate with hundreds of other systems, without traditional development. It’ll guide you in customizing Business Central with Power Platform.
Read more
Aug 2023 15 hours 16 minutes
Extending Microsoft Business Central with Power Platform
Extending Microsoft Business Central with Power Platform
Read more
Extending Business Central with the Power Platform is a step-by-step guide for Business Central professionals to create solutions that automate business processes, explain complex workflow approvals, and integrate with hundreds of other systems, without traditional development. It’ll guide you in customizing Business Central with Power Platform.
Read more
Aug 2023 15 hours 16 minutes
Quantum Computing Algorithms
Quantum Computing Algorithms
Read more
The book emphasizes intuitive ideas behind quantum algorithms in ways that other books don’t cover, striking a careful balance between no math and too much math. To get the most from this book, you should be comfortable with basic algebra and writing simple computer code. No prior understanding of quantum physics is needed to get started.
Read more
Sep 2023 11 hours 24 minutes
Python – Complete Python, Django, Data Science and ML Guide
Python – Complete Python, Django, Data Science and ML Guide
Read more
Unlock Python's full potential with this 50+ hour course! From programming to web and game development, data manipulation, and machine learning, gain the skills required to succeed in various Python-related careers. With practical tasks, hands-on experience, and a strong foundation in Python, you'll be ready to tackle real-world challenges and take advantage of the many opportunities this versatile language offers.
Read more
Nov 2023 50 hours 30 minutes
Python – Complete Python, Django, Data Science and ML Guide
Python – Complete Python, Django, Data Science and ML Guide
Read more
Unlock Python's full potential with this 50+ hour course! From programming to web and game development, data manipulation, and machine learning, gain the skills required to succeed in various Python-related careers. With practical tasks, hands-on experience, and a strong foundation in Python, you'll be ready to tackle real-world challenges and take advantage of the many opportunities this versatile language offers.
Read more
Nov 2023 50 hours 30 minutes
Right arrow icon