Primer on Client-Side Web Security by Philippe De RyckPrimer on Client-Side Web Security by Philippe De Ryck

Primer on Client-Side Web Security

byPhilippe De Ryck, Lieven Desmet, Frank Piessens

Paperback | December 5, 2014

Pricing and Purchase Info


Earn 485 plum® points

Prices and offers may vary in store


In stock online

Ships free on orders over $25

Not available in stores


This volume illustrates the continuous arms race between attackers and defenders of the Web ecosystem by discussing a wide variety of attacks. In the first part of the book, the foundation of the Web ecosystem is briefly recapped and discussed. Based on this model, the assets of the Web ecosystem are identified, and the set of capabilities an attacker may have are enumerated. In the second part, an overview of the web security vulnerability landscape is constructed. Included are selections of the most representative attack techniques reported in great detail. In addition to descriptions of the most common mitigation techniques, this primer also surveys the research and standardization activities related to each of the attack techniques, and gives insights into the prevalence of those very attacks. Moreover, the book provides practitioners a set of best practices to gradually improve the security of their web-enabled services. Primer on Client-Side Web Security expresses insights into the future of web application security. It points out the challenges of securing the Web platform, opportunities for future research, and trends toward improving Web security.
Title:Primer on Client-Side Web SecurityFormat:PaperbackDimensions:111 pages, 23.5 × 15.5 × 0.02 inPublished:December 5, 2014Publisher:Springer-Verlag/Sci-Tech/TradeLanguage:English

The following ISBNs are associated with this title:

ISBN - 10:3319122258

ISBN - 13:9783319122250


Table of Contents

The Relevance of Client-side Web Security.- The Web at a Glance.- Client-side Web Security.- Purpose of this Book.- Traditional Building Blocks of the Web.- Traditional Web Technology.- Loading Web Content.- Authentication and Authorization.- Cookies and Session Management.- Browser Security Policies.- Extending the Client-side Features.- Enhancing the User's Window on the Web.- The Browser as a Platform.- The Synergy between Browsers and Devices.- From Rendering Engine to Feature-rich Platform.- Client-side Storage.- Communication Mechanisms.- Mobile Features.- Registering Default Applications.- Transforming the Browser into an Operating System.- How Attackers Threaten the Web.- Threat Models in Literature.- Threat Models as Concrete Attacker Capabilities.- Conclusion.- Attacks on the Network.- Eavesdropping Attacks .- Man-in-the-Middle Attacks.- Protocol-level Attacks on HTTPS.- Attacks on the Browser's Requests.- Cross-Site Request Forgery.- UI Redressing.- Attacks on the User's Session.- Session Hijacking.- Session Fixation.- Authenticating with Stolen Credentials.- Attacks on the Client-Side Context.- Cross-Site Scripting.- Scriptless Injection Attacks.- Compromised Script Inclusions.- Attacks on the Client Device.- Drive-by Downloads.- Malicious Browser Extensions.- Improving Client-side Web Security.- Overview of Best Practices.- Secure Communication Channel.- Application-level Techniques.- Security Policies.- Research-driven Security Technology.- Conclusion.