The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws | 
|  | | | Title: | The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws | | Author: | Dafydd Stuttard
Marcus Pinto | | Publisher: | Wiley [Website] | | Type: | Book / Paperback | | Publication Date: | 22 October, 2007 | | ISBN / ISBN-13: | 0470170778 / 9780470170779 | | List Price: | $50.00 | | You Save: | $18.50 | | Amazon Price: | $31.50 | |
 This book is also available, brand-new, from 3rd-party marketplace sellers at Amazon.com, from $27.23. |
The HTML code below can be pasted onto your web-site, your MySpace page, or blog - or any number of similar places - to create a link to this page: If, instead of a text link, you'd like to create a link to this page which will display the book cover, if it's available, then the code below will do exactly that:
Check for the same book at these other US book sites:
• [ Abebooks ] • [ Alibris ] • [ Barnes & Noble ] • [ Half.com ] • [ Powells ] … or check UK bookstores
| Editorial Review / Publisher's Information:
Product Description
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.
| Other Items You May Enjoy:
Browse Books From These Related Subjects:
Customer Reviews:
• Good Book 29 October, 2008
This was my first web application security book. I've been reading online blogs and web-sites about web security for a while, and I've been waiting for this book to come out. Because of the lack of web security books on the market. But I am impressed with this book. It covers just about everything and shows the reader how hackers exploit web applications in a multitude of ways. This will definately help me secure my own websites and I'm already practicing a lot of what I've learned in this book for security at my company.
I actually was able to log into my jobs intranet website as administrator using some of the techniques I learned from this book. Then I went to my boss and showed him how and then showed how we can prevent it. Short story short they were impressed.
- Reviewed by customer ID: A2DX4WK9Q3RYJZ
• Perfect For Auditors, Less Useful For Developers 09 March, 2009
I was hoping that this book would give me a clear conception of how to secure my web applications against potential attackers. It did, but only peripherally. Many of the book's pages are dedicated to hands-on examples of using tools to discover and exploit vulnerabilities. This also means that it's obsessed with the flaws in yesterday's technologies (e.g. older versions of ASP) that I would never touch for a new app.
Still, if you're developing a web application, this book is worth at least skimming through. And if you're in charge of patching up a legacy system, this should be your bible.
- Reviewed by customer ID: A70NFM6KHU24F
• Great Reference 24 February, 2009
Great book. The beginning has some good explanation of how web apps are constructed. This section is a little tedious if you already know this material, but it is a good review, none the less. The rest of the book is an explanation of web application exploits. I particularly like the review questions at the end of each chapter. Also, be sure to play with the tools cited in the book.
- Reviewed by customer ID: A3VO34MPSY947W
• Most Important Internet Security Book Available!!! 02 July, 2009
Not for the faint of heart kiddie scriptors.
This book actually shows just how vulnerable the Web really is and that it in fact is sometimes futile to hope for real security.
With that said though it also shows you what to be on the lookout for and how to make things MORE secure than you already may be.
It's a lot to absorb for those of us who have had no formal training but it's imperative that if you are even considering a career in computer repair/security or anything to do with the IT field, you'd better have this book on hand in your library of tools.
It takes you from Web design flaws to HTML bypasses to failures in the design of Operating Systems and that includes ALL OS's. Just because you're using a MAC don't think that you're really any more secure than any other OS. It's a book that will take several weeks to months to get through but you will be forever wiser for having invested the time in it.
An absolute must have!
- Reviewed by customer ID: A289FXC6J23Z9X
• More Than Just Words! 22 February, 2008
This is an excellent book. Many books of this nature leave you wanting. They talk in complicated jargon, excite you about learning new concepts, and then leave you hanging with no real application of what you are learning. This is not the case with This book.
This book is excellent for both the beginner and the advanced! Plenty of real examples! Walks the beginner through the concepts of foot printing. It explains the technologies and then for the advanced it talks about creating custom code for each vulnerability.
This is a must have for any security professional's library! it was worth every penny!
- Reviewed by customer ID: A27U2TWXJM7R2Y
|
