Primer on Client-Side Web Security [Paperback]

This volume illustrates the continuous arms race between attackers and defenders of the Web ecosystem by discussing a wide variety of attacks.?In the first part of the book, the foundation of the Web ecosystem is briefly recapped and discussed. Based on this model, the assets of the Web ecosystem are identified, and the set of capabilities an attacker may have are enumerated.?In the second part, an overview of the web security vulnerability landscape is constructed. Included are selections of the most representative attack techniques reported in great detail. In addition to descriptions of the most common mitigation techniques, this primer also surveys the research and standardization activities related to each of the attack techniques, and gives insights into the prevalence of those very attacks. Moreover, the book provides practitioners a set of best practices to gradually improve the security of their web-enabled services. Primer on Client-Side Web Security expresses insights into the future of web application security. It points out the challenges of securing the Web platform, opportunities for future research, and trends toward improving Web security.The Relevance of Client-side Web Security.- The Web at a Glance.- Client-side Web Security.- Purpose of this Book.- Traditional Building Blocks of the Web.- Traditional Web Technology.- Loading Web Content.- Authentication and Authorization.- Cookies and Session Management.- Browser Security Policies.- Extending the Client-side Features.- Enhancing the User's Window on the Web.- The Browser as a Platform.- The Synergy between Browsers and Devices.- From Rendering Engine to Feature-rich Platform.- Client-side Storage.- Communication Mechanisms.- Mobile Features.- Registering Default Applications.- Transforming the Browser into an Operating System.- How Attackers Threaten the Web.- Threat Models in Literature.- Threat Models as Concrete Attacker Capabilities.- Conclusion.- Attacks on the Network.- Eavesdropping Attaclâ