Introduction
The Website Security Book gives both an introduction to website security and a guide to advanced website security techniques.
Attacks against websites and web applications are on the rise and are steadily increasing in sophistication. With this increasing sophistication comes an increase in the range and number of websites at risk of attack. These attacks are no longer confined to high-profile websites - they now threaten all websites and web apps. If your website is not properly defended, it will be easy pickings when the attackers come knocking. Unfortunately, few websites are properly defended by default - standard programming techniques frequently introduce significant vulnerabilities into websites. Properly defending a website requires a focused effort and a knowledge of website security issues that few programmers possess, regardless of their general programming skill.
This book aims to provide programmers with the knowledge they need to build secure websites and to secure existing ones. It aims to catalogue the unfortunately large range of attacks against websites, so that the problems the programmer faces are laid out plainly. It then provides techniques for reducing or eliminating the threat of, and the damage caused by, these attacks.
This book is a work in progress, both in the sense that it is not yet complete and in the sense that it probably never will be, as I plan to update it continually as new attack and defense techniques are published.
If you are looking for an introduction to website security, then you may want to take a look at the following attacks as they are among the biggest threats to many current websites:
Website attacks
Cross-Site Scripting (XSS) Attacks
Cross-site scripting vulnerabilities are one of the most prevalent website security holes today. Find out what they are, if your website is at risk, and what you can do about them.
SQL Injection Attacks
Though not as common as they once were, SQL Injection issues are still a major source of trouble for many websites.
Cross-Site Request Forgery (CSRF) Attacks
Cross-Site Request Forgery vulnerabilities are considered by many to be the sleeping giant of website vulnerabilities. This article explains how they exploit correctly functioning websites.