Web application security is a branch of information security that deals specifically with the security of websites and web applications. At a high level, web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP.

This book is your ultimate resource for Web Application Security. Here you will find the most up-to-date information, analysis, background and everything you need to know. In easy-to-read chapters, with extensive references and links to get you to know all there is to know about Web Application Security right away, covering: Web application security, Network security, Administrative domain, AEGIS SecureConnect, Aladdin Knowledge Systems, Alert Logic, Anomaly-based intrusion detection system, Anti-pharming, Anti-phishing software, Anti-worm, Application-level gateway, ARP spoofing, Asprox botnet, Attack (computer), Attack tree, Authentication server, Avaya Secure Network Access, Avaya VPN Router, Bagle (computer worm), Barracuda Networks, Bastion host, Black hole (networking), BLACKER, Blue Cube Security, BNC (software), Botnet, BredoLab botnet, Bro (software), Byzantine Foothold, Captive portal, Capture the flag, Check Point, Check Point Abra, Check Point VPN-1, Christmas tree packet, Cisco ASA, Cisco Global Exploiter, Cisco PIX, Cisco Security Agent, Cisco Systems VPN Client, Clarified Networks, Clear Channel Assessment attack, Client Puzzle Protocol, Cloudvpn, Codenomicon, Columbitech, Computer security, Context-based access control, ContraVirus, Core Impact, Core Security, Countermeasure (computer), Cryptek, Cutwail botnet, CVSS, CyberCIEGE, Dark Internet, Data breach, Deep packet inspection, Defense in depth (computing), Denial-of-service attack, Device fingerprint, DHIPDS, Differentiated security, Digital Postmarks, Digital security,
Distributed firewall, DMZ (computing), DNS hijacking, Donbot botnet, Dual-homed, Egress filtering, Entrust, Evil bit, Extensible Threat Management (XTM), Extranet, Fail2ban, Fake AP, Finjan, Firewalk (computing), Firewall (computing), Firewall pinhole, Firewalls and Internet Security, Fortinet, Forward-confirmed reverse DNS, General Dynamics C4 Systems, Generalized TTL security mechanism, Global Internet Freedom Consortium, Greynet, Grum botnet, Guided tour puzzle protocol, Gumblar, Hole punching, Honeyd, HoneyMonkey, Honeynet Project, Honeypot (computing), Honeytoken, Host Identity Protocol, ICMP hole punching, Identity driven networking, IEC 62351, IEEE 802.1X, IF-MAP, Ingress filtering, Institute for Applied Network Security, Integrated Windows Authentication, Inter-protocol communication, Inter-protocol exploitation, Internet censorship, Internet security, Internet Storm Center, IntruShield, Network intrusion detection system, Intrusion prevention system, IP address spoofing, IP blocking, IP fragmentation attacks, Kaspersky Anti-Virus, Kerberos (protocol), Kerio Control, Key distribution center, Knowledge-based authentication, Kraken botnet, Lethic botnet, List of cyber attack threat trends, Lock-Keeper, Lorcon, Lumeta Corporation, MAC flooding, Managed security service, Managed VoIP Service, Mariposa botnet, Mega-D botnet, Messaging Security, Metasploit Project, Middlebox, Miredo, Mobile virtual private network, Monoculture (computer science), Mu Dynamics, MySecureCyberspace, NAT traversal, NeoAccel, NetBox Blue, Network Access Control, Network Admission Control, Network Based Application Recognition, Network encryption cracking... and much more.

This book explains in depth the real drivers and workings of Web Application Security. It reduces the risk of your technology, time and resources investment decisions by enabling you to compare your understanding of Web Application Security with the objectivity of experienced professionals.