While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to break into web applications using the latest hacking techniques. Finally, you’ll learn how to develop mitigations for use in your own web applications to protect against hackers.Explore common vulnerabilities plaguing today’s web applicationsLearn essential hacking techniques attackers use to exploit applicationsMap and document web applications for which you don’t have direct accessDevelop and deploy customized exploits that can bypass common defensesDevelop and deploy mitigations to protect your applications against hackersIntegrate secure coding best practices into your development lifecycleGet practical tips to help you improve the overall security of your web applications