The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
| Field | Value |
|---|---|
| Title | The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws |
| Author | Dafydd Stuttard, Marcus Pinto |
| Publisher | Wiley |
| Type | Book / Paperback |
| Publication Date | 22 October, 2007 |
| ISBN / ISBN-13 | 0470170778 / 9780470170779 |
| List Price | $50.00 |
| You Save | $18.50 |
| Amazon Price | $31.50 |
This book is also available, brand-new, from 3rd-party marketplace sellers at Amazon.com, from $27.44.
Editorial Review / Publisher's Information:
Product Description:
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.
Customer Reviews:
Insightful, Prominent And Fascinating
01 February, 2010
This book overlaps Web Application (in)security from both the hacker and developer facades. It ubiquitously addresses them in a similar tone and manner, and is thus very useful and insightful for both.
The book starts with a fascinating, well written and notably professional introduction to Web Application insecurity and to the various aspects it entails. It goes on through acutely inspecting security malfunctions, breaches and different ways of tampering with thwarts e.g. SQL Injections, XSS, Brute force attacks.
The book is very worthwhile and comprehensive. It will definitely be insightful for every developer level, and a must-have reference for hackers.
- Amazon Customer Review
An Essential Handbook For Web Hacking
07 February, 2010
In my opinion this is the essential handbook for web hacking. I've spent years doing web application pen tests and this book has always been on my desk as a valuable reference while hacking web sites (legally, of course), and writing reports. I highly recommend this book as an excellent source of information about website insecurities, how to defend web apps, and how to systematically compromise web sites. Also recommended is Burp Suite Professional which I have time and time again found invaluable.
- Amazon Customer Review
Perfect For Auditors, Less Useful For Developers
09 March, 2009
I was hoping that this book would give me a clear conception of how to secure my web applications against potential attackers. It did, but only peripherally. Many of the book's pages are dedicated to hands-on examples of using tools to discover and exploit vulnerabilities. This also means that it's obsessed with the flaws in yesterday's technologies (e.g. older versions of ASP) that I would never touch for a new app.
Still, if you're developing a web application, this book is worth at least skimming through. And if you're in charge of patching up a legacy system, this should be your bible.
- Amazon Customer Review
Serious Candidate For Best Book Bejtlich Read 2009
25 October, 2009
The Web Application Hacker's Handbook (TWAHH) is an excellent book. I read several books on Web application security recently, and this is my favorite. The text is very well-written, clear, and thorough. While the book is not suitable for beginners, it is accessible and easy to read for those even without Web development or assessment experience.
At 736 pages, TWAHH is the sort of book that one needs to read more than once in order to digest its contents. At every turn I perceived the authors to be experts and I trusted their advice. Their "Hack Steps" sections nicely summarize key points for operators. The authors integrate explanations of HTTP as a protocol into their text, without boring readers already familiar with the protocol. They also demonstrate their subject using code snippets for multiple languages and products.
While I considered almost all of the book to be equally helpful, I'd like to mention three specific chapters or sections. First, chapters 1-3 provided a great technical overview of the subject. Chapter 11, Attacking Application Logic, featured examples from the authors' consulting experience which really resonated with me. Finally, I liked the recognition of the importance of locally-written applications, called "bespoke" applications, in chapter 13.
I struggled to find much to complain about in TWAHH. My only concern appeared early in the book, when the authors talked about "all user input is untrusted." They really meant "all user input is untrustworthy," or they should have said "Web developers should consider all user input to be untrusted, but they often trust it." The difference between "untrusted" and "untrustworthy" is subtle, and I still understood the authors' point.
I strongly recommend TWAHH to anyone with a role in defending Web applications. The authors have set a very high standard with this book. Great work!
- Amazon Customer Review
Most Important Internet Security Book Available!!!
02 July, 2009
Not for the faint of heart kiddie scriptors.
This book actually shows just how vulnerable the Web really is and that it in fact is sometimes futile to hope for real security.
With that said though it also shows you what to be on the lookout for and how to make things MORE secure than you already may be.
It's a lot to absorb for those of us who have had no formal training but it's imperative that if you are even considering a career in computer repair/security or anything to do with the IT field, you'd better have this book on hand in your library of tools.
It takes you from Web design flaws to HTML bypasses to failures in the design of Operating Systems and that includes ALL OS's. Just because you're using a MAC don't think that you're really any more secure than any other OS. It's a book that will take several weeks to months to get through but you will be forever wiser for having invested the time in it.
An absolute must have!
- Amazon Customer Review