Bublos.com

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws


Title: The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Authors: Dafydd Stuttard, Marcus Pinto
Publisher: Wiley
Type: Book / Paperback
Publication Date: 22 October, 2007
ISBN / ISBN-13: 0470170778 / 9780470170779
List Price: $50.00
You Save: $18.50
Amazon Price: $31.50

*  This book is also available, brand-new, from 3rd-party marketplace sellers at Amazon.com, from $27.44.

 
Editorial Review / Publisher's Information:

Product Description
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.

The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.


Customer Reviews:

 • Insightful, Prominent And Fascinating
01 February, 2010

This book overlaps Web Application (in)security from both the hacker and developer facades. It ubiquitously addresses them in a similar tone and manner, thus very useful and insightful for both. The book starts with a fascinating, well written and notably professional introduction to Web Application insecurity and to the various aspects it entails. It goes on through acutely inspecting security malfunctions, breaches and different ways of tampering with thwarts e.g. SQL Injections, XSS, Brute force attacks. The book is very worthwhile and comprehensive. It will definitely be insightful for every developer level, and a must-have reference for hackers.

- Amazon Customer Review

 • An Essential Handbook For Web Hacking
07 February, 2010

In my opinion this is the essential handbook for web hacking. I've spent years doing web application pen tests and this book has always been on my desk as a valuable reference while hacking web sites (legally, of course), and writing reports. I highly recommend this book as an excellent source of information about website insecurities, how to defend web apps, and how to systematically compromise web sites. Also recommended is Burp Suite Professional which I have time and time again found invaluable.

- Amazon Customer Review

 • Perfect For Auditors, Less Useful For Developers
09 March, 2009

I was hoping that this book would give me a clear conception of how to secure my web applications against potential attackers. It did, but only peripherally. Many of the book's pages are dedicated to hands-on examples of using tools to discover and exploit vulnerabilities. This also means that it's obsessed with the flaws in yesterday's technologies (e.g. older versions of ASP) that I would never touch for a new app. Still, if you're developing a web application, this book is worth at least skimming through. And if you're in charge of patching up a legacy system, this should be your bible.

- Amazon Customer Review

 • Serious Candidate For Best Book Bejtlich Read 2009
25 October, 2009

The Web Application Hacker's Handbook (TWAHH) is an excellent book. I read several books on Web application security recently, and this is my favorite. The text is very well-written, clear, and thorough. While the book is not suitable for beginners, it is accessible and easy to read for those even without Web development or assessment experience. At 736 pages, TWAHH is the sort of book that one needs to read more than once in order to digest its contents. At every turn I perceived the authors to be experts and I trusted their advice. Their "Hack Steps" sections nicely summarize key points for operators. The authors integrate explanations of HTTP as a protocol into their text, without boring readers already familiar with the protocol. They also demonstrate their subject using code snippets for multiple languages and products. While I considered almost all of the book to be equally helpful, I'd like to mention three specific chapters or sections. First, chapters 1-3 provided a great technical overview of the subject. Chapter 11, Attacking Application Logic, featured examples from the authors' consulting experience which really resonated with me. Finally, I liked the recognition of the importance of locally-written applications, called "bespoke" applications, in chapter 13. I struggled to find much to complain about in TWAHH. My only concern appeared early in the book, when the authors talked about "all user input is untrusted." They really meant "all user input is untrustworthy," or they should have said "Web developers should consider all user input to be untrusted, but they often trust it." The difference between "untrusted" and "untrustworthy" is subtle, and I still understood the authors' point. I strongly recommend TWAHH to anyone with a role in defending Web applications. The authors have set a very high standard with this book. Great work!

- Amazon Customer Review

 • Most Important Internet Security Book Available!!!
02 July, 2009

Not for the faint of heart kiddie scriptors. This book actually shows just how vulnerable the Web really is and that it in fact is sometimes futile to hope for real security. With that said though it also shows you what to be on the lookout for and how to make things MORE secure than you already may be. It's a lot to absorb for those of us who have had no formal training but it's imperative that if you are even considering a career in computer repair/security or anything to do with the IT field, you'd better have this book on hand in your library of tools. It takes you from Web design flaws to HTML bypasses to failures in the design of Operating Systems and that includes ALL OS's. Just because you're using a MAC don't think that you're really any more secure than any other OS. It's a book that will take several weeks to months to get through but you will be forever wiser for having invested the time in it. An absolute must have!

- Amazon Customer Review

 Copyright © 1999 - 2010 Bublos Inc. All rights reserved.