1 Know your enemy

 

In this chapter

  • How hackers attack you and why
  • How you will be affected if your site gets hacked
  • How paranoid you should be
  • How to start addressing the risk of being hacked

Launching a web application on the internet is a daunting task. The steps you take along the road to deploying a web app can be onerous: designing and coding your web pages, adding interactivity using JavaScript, implementing the backend services and connecting them to a data store, choosing a hosting platform, and registering a domain name. The result is worthwhile, of course: your website will be available to billions of users immediately, thanks to the magic of the internet.

Not all these users have good intentions, though. The internet hosts a complex ecosystem of scripts, bots, and hackers who will try to abuse any security flaws in your web app for nefarious ends. This is probably the most disconcerting aspect of web development: after all the work you put into building your web application, someone will immediately come along to kick the tires and scratch the paintwork.

Because you are reading this book, you are likely a developer who is wary of these security risks and who wants to learn how to protect yourself. This book is a comprehensive guide to web security: you will learn how to secure your web apps in the browser, on the network, on the server, and at code level. I will also introduce the key security principles that can be applied at each level of abstraction.

Figuring out how hackers attack you (and why)

Surviving the fallout from getting hacked

Determining how paranoid you should be

Knowing where to start protecting yourself

Keep track of new vulnerabilities

Know what code you are deploying

Log and monitor activity

Convert your team members into security experts

Slow down

Summary
