Application Security

13.

Specialized Application Security Domains

13.1.

13.1.1.

API Security Fundamentals

13.1.1.1.

API Attack Surface

13.1.1.2.

API Security Models

13.1.1.3.

13.1.2.

REST API Security

13.1.2.1.

HTTP Method Security

13.1.2.2.

Resource Protection

13.1.2.3.

State Management

13.1.3.

GraphQL Security

13.1.3.1.

Query Complexity Attacks

13.1.3.2.

Authorization in GraphQL

13.1.3.3.

Rate Limiting Strategies

13.1.4.

API Authentication and Authorization

13.1.4.1.

OAuth 2.0 Implementation

13.1.4.2.

JWT Security Considerations

13.1.4.3.

API Key Management

13.1.5.

API Security Testing

13.1.5.1.

Automated API Testing

13.1.5.2.

Manual API Testing

13.1.5.3.

13.2.

Mobile Application Security

13.2.1.

Mobile Security Fundamentals

13.2.1.1.

Mobile Threat Landscape

13.2.1.2.

Platform Security Models

13.2.1.3.

Mobile Attack Vectors

13.2.2.

13.2.2.1.

iOS Security Architecture

13.2.2.2.

App Store Security

13.2.2.3.

iOS-Specific Vulnerabilities

13.2.3.

Android Security

13.2.3.1.

Android Security Model

13.2.3.2.

Permission System

13.2.3.3.

Android-Specific Risks

13.2.4.

Mobile Application Testing

13.2.4.1.

Static Analysis for Mobile

13.2.4.2.

Dynamic Analysis for Mobile

13.2.4.3.

Runtime Application Testing

13.2.5.

Mobile Security Controls

13.2.5.1.

Code Obfuscation

13.2.5.2.

13.2.5.3.

Certificate Pinning

13.3.

Cloud-Native Security

13.3.1.

Cloud Security Fundamentals

13.3.1.1.

Shared Responsibility Model

13.3.1.2.

Cloud Service Models

13.3.1.3.

Cloud Deployment Models

13.3.2.

Container Security

13.3.2.1.

Container Image Security

13.3.2.2.

Runtime Security

13.3.2.3.

Orchestration Security

13.3.3.

Serverless Security

13.3.3.1.

Function Security

13.3.3.2.

Event-Driven Security

13.3.3.3.

Serverless Monitoring

13.3.4.

Microservices Security

13.3.4.1.

Service-to-Service Communication

13.3.4.2.

API Gateway Security

13.3.4.3.

Service Mesh Security

13.3.5.

Cloud Security Tools

13.3.5.1.

Cloud Security Posture Management

13.3.5.2.

Cloud Workload Protection

13.3.5.3.

Cloud Access Security Brokers

13.4.

Client-Side Security

13.4.1.

Browser Security Model

13.4.1.1.

Same-Origin Policy

13.4.1.2.

Content Security Policy

13.4.1.3.

Cross-Origin Resource Sharing

13.4.2.

Client-Side Vulnerabilities

13.4.2.1.

DOM-Based Attacks

13.4.2.2.

Client-Side Injection

13.4.2.3.

13.4.3.

Client-Side Protection Mechanisms

13.4.3.1.

HTTP Security Headers

13.4.3.2.

Subresource Integrity

13.4.3.3.

13.4.4.

Third-Party Content Security

13.4.4.1.

Third-Party Script Risks

13.4.4.2.

Content Delivery Network Security

13.4.4.3.

Widget and Plugin Security

Previous

12. Vulnerability Management and Incident Response

Go to top

Next

14. Application Security Program Management