Application Security

  1. Specialized Application Security Domains
    1. API Security
      1. API Security Fundamentals
        1. API Attack Surface
        2. API Security Models
        3. API Governance
      2. REST API Security
        1. HTTP Method Security
        2. Resource Protection
        3. State Management
      3. GraphQL Security
        1. Query Complexity Attacks
        2. Authorization in GraphQL
        3. Rate Limiting Strategies
      4. API Authentication and Authorization
        1. OAuth 2.0 Implementation
        2. JWT Security Considerations
        3. API Key Management
      5. API Security Testing
        1. Automated API Testing
        2. Manual API Testing
        3. API Fuzzing
    2. Mobile Application Security
      1. Mobile Security Fundamentals
        1. Mobile Threat Landscape
        2. Platform Security Models
        3. Mobile Attack Vectors
      2. iOS Security
        1. iOS Security Architecture
        2. App Store Security
        3. iOS-Specific Vulnerabilities
      3. Android Security
        1. Android Security Model
        2. Permission System
        3. Android-Specific Risks
      4. Mobile Application Testing
        1. Static Analysis for Mobile
        2. Dynamic Analysis for Mobile
        3. Runtime Application Testing
      5. Mobile Security Controls
        1. Code Obfuscation
        2. Anti-Tampering
        3. Certificate Pinning
    3. Cloud-Native Security
      1. Cloud Security Fundamentals
        1. Shared Responsibility Model
        2. Cloud Service Models
        3. Cloud Deployment Models
      2. Container Security
        1. Container Image Security
        2. Runtime Security
        3. Orchestration Security
      3. Serverless Security
        1. Function Security
        2. Event-Driven Security
        3. Serverless Monitoring
      4. Microservices Security
        1. Service-to-Service Communication
        2. API Gateway Security
        3. Service Mesh Security
      5. Cloud Security Tools
        1. Cloud Security Posture Management
        2. Cloud Workload Protection
        3. Cloud Access Security Brokers
    4. Client-Side Security
      1. Browser Security Model
        1. Same-Origin Policy
        2. Content Security Policy
        3. Cross-Origin Resource Sharing
      2. Client-Side Vulnerabilities
        1. DOM-Based Attacks
        2. Client-Side Injection
        3. Clickjacking
      3. Client-Side Protection Mechanisms
        1. HTTP Security Headers
        2. Subresource Integrity
        3. Feature Policy
      4. Third-Party Content Security
        1. Third-Party Script Risks
        2. Content Delivery Network Security
        3. Widget and Plugin Security