The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws [Paperback]

Dafydd Stuttard, Marcus Pinto
4.8 out of 5 stars (6 customer reviews)

There is a newer edition of this item:
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws: Discovering and Exploiting Security Flaws, 4.5 out of 5 stars (6)

Book Description

Publication date: 19 Oct 2007 | ISBN-10: 0470170778 | ISBN-13: 978-0470170779
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users.

Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.


Product details

  • Paperback: 768 pages
  • Publisher: John Wiley & Sons (19 Oct 2007)
  • Language: English
  • ISBN-10: 0470170778
  • ISBN-13: 978-0470170779
  • Product Dimensions: 18.8 x 4 x 23.6 cm
  • Average Customer Review: 4.8 out of 5 stars (6 customer reviews)
  • Amazon Bestsellers Rank: 313,762 in Books


Product Description

Review

"If you have an interest in web application security, I would highly recommend picking up a copy of this book, especially if you’re interested in being able to audit applications for vulnerabilities". — Robert Wesley McGrew, McGrew Security

From the Back Cover

Hack the planet

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This innovative book shows you how they do it. This is hands-on stuff.

The authors, recognized experts in security testing, take a practical approach, showing you the detailed steps involved in finding and exploiting security flaws in web applications. You will learn to:

  • Defeat an application's core defense mechanisms and gain unauthorized access, even to the most apparently secure applications
  • Map attack surfaces and recognize potential entry points
  • Break client-side controls implemented within HTML, Java®, ActiveX®, and Flash®
  • Uncover subtle logic flaws that leave applications exposed
  • Use automation to speed up your attacks, with devastating results
  • Delve into source code and spot common vulnerabilities in languages like C#, Java, and PHP

Know your enemy

To defend an application, you must first know its weaknesses. If you design or maintain web applications, this book will arm you with the protective measures you need to prevent all of the attacks described. If you're a developer, it will show you exactly where and how to strengthen your defenses.

Additional resources online at www.wiley.com/go/webhacker

  • Source code for scripts in this book
  • Links to tools and resources
  • Checklist of tasks involved in attacking applications
  • Answers to the questions posed in each chapter
  • A hacking challenge prepared by the authors


Customer Reviews

Most Helpful Customer Reviews
5 of 5 people found the following review helpful
5.0 out of 5 stars Good read 11 July 2009
Format:Paperback
This book is quite thick but it covers just about any aspect of web application security that one could possibly imagine. It provides a very readable content without diving into too much technical detail. Rather than focusing on a single technology, it covers various web frameworks and their specific vulnerabilities. Perhaps the most valuable part of the book is the final chapter in which an excellent methodology checklist is provided which allows one to verify security of a given web application step by step. After having finished this book I came to realize how valuable awareness of security issues is to the long term success of a given web application which must not only perform well but remain robust and stable to any and all security attacks.
2 of 2 people found the following review helpful
5.0 out of 5 stars Can't get better than this! 8 Oct 2009
Format:Paperback
If you have already purchased this book then you are in a very good way to find out truths and lies on Web Application penetration testing. This book touches almost all topics that regard Web Application security and attack vectors/methods (my only objection is the lack of Web Services security).

Since there is no book that does-it-all, following the provided references is mandatory to successfully digest the entire information. Along with Andreu's, this is one of the books that will stay for long as an asset in your arsenal and operate as a day-to-day reference on Web Application pentesting.
6 of 7 people found the following review helpful
5.0 out of 5 stars The Best Web Application Security Book To Date 22 Feb 2008
Format:Paperback
The Web Application Hacker's Handbook continues the tradition of the other books in the "Hacker's Handbook" series in being specifically written for people who are serious about testing and protecting the security of their network and applications.
As a full time Application tester most of the books I've read have been of little use, typically providing page filler examples of vulnerabilities and techniques that have been and gone or have offered little in the way of new information. This book however is bang up to date and teaches assessment techniques that will still be current for a long time to come.
If you're hoping to pursue a career in security, need the best reference available, or are trying to get to grips with the threats posed to your web application, you should buy this book.

At our organisation all of our technical staff have a copy and have all found it useful.
5.0 out of 5 stars Probably the best book for webapp pentesting 13 Mar 2013
Format:Paperback|Amazon Verified Purchase
I think it doesn't have a very good chapter about SQLi (teaching sqlmap for example), but it covers almost everything you will need to test on a webapp.

It's somewhat focused on Burp Suite, a software made (I believe) by the authors of the book. But that shouldn't be a problem because it's the software you are probably going to use, as it is the less expensive and most stable software of the kind.
5.0 out of 5 stars A must have book for web app security testers 20 Sep 2011
Format:Kindle Edition|Amazon Verified Purchase
I don't think there is another book that comes close to the Web Application Hacker's Handbook at the moment. This book is well thought out and is both great to read from front to back on your first time through and then to use as a reference book later on.

I have heard it referred to as the manual for Burp Suite Pro but as Burp Suite Pro should be in every web pen tester's toolkit I don't think that is a bad thing. It does cover other tools too but the most important part is that it helps you understand what goes wrong with web apps and how to discover and exploit their flaws, this is much more important for web application security testing than knowing how to click 'go' on an automated scanner.

I am looking forward to receiving the second edition and trying out the labs, it is not often in day-to-day pentesting that you get to practice all the techniques discussed in the book so the labs are a welcome addition.
4.0 out of 5 stars Very Good 6 Dec 2009
Format:Paperback
Perhaps not as much detail as I was looking for, but a good starting point for those with little experience in the area.