توضیحات
If you want to discover how to work with jvascript, this book is for you!
The web runs on jvascript is the dominant programming language for writing browser applications, and thanks to the Node.js runtime, it is increasingly common to see it in the back end too. The quality of jvascript code is crucial for security of web applications. This book, however, is not about general web application security. We will not address problems that can affect applications written in any programming language. We will focus on security issues that are unique to jvascript, and they are a result of its dynamic nature. I will teach you how to identify such vulnerabilities, how to fix them, and prevent those issues from creeping into your code. First, we will focus on the fundamental role that jvascript plays in web application security. jvascript can contain vulnerabilities, but in some cases it may even become an attack vector. There are two popular environments for running jvascript code, and both of them have very different security properties. First, we will take a look at how browsers run jvascript, and then we will see how Node.js is different.
Then, we will look at language features that may lead to security vulnerabilities, dynamic typing, dynamic code execution, and prototypal inheritance. We will wrap up with an example of a simple coding mistake, literally just a missing character, that leads to a significant leak of sensitive data. Information security professionals are well known for specific jargon to use. We will not use it here, but it is important to understand some basic concepts of web security. Attacks against web applications are carried out by people. You may have an image of a person in a black hoodie typing at their keyboard in their basement, but the reality is much more nuanced. Attackers differ based on their capabilities and motivations. They can be teenagers wanting to impress their friends, fired employees seeking revenge, as well as criminals breaking into applications for money. Attacks would not be possible without vulnerabilities. Vulnerabilities are technical flaws in the system that allow people with malicious intent to break into our applications and systems. They can be simple bugs in the code, fundamental architecture flaws or configuration mistakes. All of them can lead to data breaches. Those that usually hit the headlines are about leaking millions of sensitive data records, such as credit card numbers.
Data breaches can also involve abusing application functionality, for example toward their goods without paying or getting a refund for goods that were never purchased in the first place. The most common web application architecture has three tiers, the browser, the server, and the database jvascript code can run both in the browser and the user’s device, such as a laptop or smartphone, or on the server using Node.js. Vulnerabilities in code may allow attackers to breach access to the application datastore. A successful attack in a database may lead to a data breach that involves many users. The impact of a vulnerability in code is typically limited to a single user. That sounds like good news. Unfortunately, bugs in jvascript code running in a browser may allow attackers to impersonate the victim and to perform actions on their behalf. In this case, the vulnerable jvascript code becomes an attack vector.
Node.js is a runtime environment for jvascript based on the V8 engine built for the Google Chrome browser. The unusual thing about it is that it allows jvascript code to run outside of the browser. It has gained a lot of popularity and has proven to be a popular tool to build command line programs and web applications. It is quite different from the browser from a security perspective. Browsers download the code, and Node.js loads the code from local files, much like other popular programming languages. The permissions model is also different. Browsers treat the code as untrusted and restrict capabilities it has access to, and Node.js treats the code with full trust and grants access to all the privileges the operating system user has access to, including devices, files, and the local network. Attacks based on a security vulnerability in a browser may affect one victim at a time. Bugs in Node.js may allow for full server compromise, potentially leading to a serious data breach.
————————————————————–
ترجمه ماشینی :
اگر می خواهید نحوه کار با JVascript را کشف کنید ، این کتاب برای شما مناسب است!
وب در JVascript زبان برنامه نویسی غالب برای نوشتن برنامه های مرورگر است و به لطف زمان اجرا Node.js ، دیدن آن در انتهای عقب نیز به طور فزاینده ای معمول است. کیفیت کد JVAScript برای امنیت برنامه های وب بسیار مهم است. این کتاب ، با این حال ، مربوط به امنیت عمومی برنامه وب نیست. ما به مشکلاتی نمی پردازیم که می تواند برنامه های نوشته شده به هر زبان برنامه نویسی را تحت تأثیر قرار دهد. ما بر روی موضوعات امنیتی که منحصر به JVascript است ، تمرکز خواهیم کرد و آنها نتیجه ماهیت پویا آن هستند. من به شما یاد می دهم که چگونه چنین آسیب پذ
tag : دانلود کتاب برنامه نویسی Jvascript: 3 در 1 طراحی امنیتی ، عبارات و توسعه وب , Download برنامه نویسی Jvascript: 3 در 1 طراحی امنیتی ، عبارات و توسعه وب , دانلود برنامه نویسی Jvascript: 3 در 1 طراحی امنیتی ، عبارات و توسعه وب , Download jvascript Programming: 3 In 1 Security Design, Expressions And Web Development Book , برنامه نویسی Jvascript: 3 در 1 طراحی امنیتی ، عبارات و توسعه وب دانلود , buy برنامه نویسی Jvascript: 3 در 1 طراحی امنیتی ، عبارات و توسعه وب , خرید کتاب برنامه نویسی Jvascript: 3 در 1 طراحی امنیتی ، عبارات و توسعه وب , دانلود کتاب jvascript Programming: 3 In 1 Security Design, Expressions And Web Development , کتاب jvascript Programming: 3 In 1 Security Design, Expressions And Web Development , دانلود jvascript Programming: 3 In 1 Security Design, Expressions And Web Development , خرید jvascript Programming: 3 In 1 Security Design, Expressions And Web Development , خرید کتاب jvascript Programming: 3 In 1 Security Design, Expressions And Web Development ,
نقد و بررسیها
هنوز بررسیای ثبت نشده است.