Primer on Client-Side Web Security

This volume illustrates the continuous arms race between attackers and defenders of the Web ecosystem by discussing a wide variety of attacks. In the first part of the book, the foundation of the Web ecosystem is briefly recapped and discussed. Based on this model, the assets of the Web ecosystem are identified, and the set of capabilities an attacker may have are enumerated. In the second part, an overview of the web security vulnerability landscape is constructed. Included are selections of the most representative attack techniques reported in great detail. In addition to descriptions of the most common mitigation techniques, this primer also surveys the research and standardization activities related to each of the attack techniques, and gives insights into the prevalence of those very attacks. Moreover, the book provides practitioners a set of best practices to gradually improve the security of their web-enabled services. Primer on Client-Side Web Security expresses insights into the future of web application security. It points out the challenges of securing the Web platform, opportunities for future research, and trends toward improving Web security.

Provides a catalog of best practices for web security with existing countermeasures and emerging mitigation techniques Includes supplementary material: sn.pub/extras

Inhalt
The Relevance of Client-side Web Security.- Traditional Building Blocks of the Web.- The Browser as a Platform.- How Attackers Threaten the Web.- Attacks on the Network.- Attacks on the Browser's Requests.- Attacks on the User's Session.- Attacks on the Client-Side Context.- Attacks on the Client Device.- Improving Client-side Web Security.