The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
(Paperback - Oct. 22, 2007)
by Dafydd Stuttard
Sales Rank: 21701
List Price: $50.00
$29.96
At Amazon

Paperback: 768 pages
Publisher: Wiley October 22, 2007
Language: English
ISBN-10: 9780470170779
ISBN-13: 978-0470170779
ASIN: 0470170778
Product Dimensions:
7.4 x 1.6 x 9.3 inches
Shipping Weight: 2.4 pounds
Review
"If you have an interest in web application security, I would highly recommend picking up a copy of this book, especially if you’re interested in being able to audit applications for vulnerabilities". — Robert Wesley McGrew, McGrew Security
Customer Reviews & Comments
This is the most important IT security title written in the past year or more. Why? Custom web applications offer more opportunities for exploitation than all of the publicized vulnerabilities you hear about combined. This book gives expert treatment to the subject. I found the writing to be very clear and concise in this 727-page volume. There is minimal fluff. While everything is clearly explained, this is not a beginner's book. The authors assume that you can read HTML, JavaScript, etc... Usually with a book like this there are a few really good chapters and some so-so chapters, but that's not the case here. Chapters 3-18 in this book rock all the way through. Another huge plus is the tools in this book are free.
The first few chapters provide context and background information. Chapter 3 on Web Application Technologies provides particularly useful background info. The next 666 pages of the book are all about attacking the applications.
The next five chapters cover mapping application functionality, client side controls, authentication, sessions, and access controls. The coverage is comprehensive. I'm not new to these topics, but I learned so much in every chapter. The depth of coverage is amazing.
The next six chapters are the heart of this book. They cover injection, path traversal, application logic, XSS and related attacks, automating attacks, and information disclosure. You'll find full treatment of attacks we're all familiar with like SQL injection and cross site scripting as well as many that most of us haven't heard of before. The danger is real and these chapters need to be read.
The next four chapters cover attacks against compiled applications, application architecture, web servers, and source code. The final two chapters are more useful as a quick reference. They provide an overview of the tools covered throughout the book and describe attack methodology discussed throughout the book for exploiting each technology.
This book scores five easily based on the relevance and value of the information.