The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback, 5 Oct 2011)

Product details

  • Paperback: 912 pages
  • Publisher: John Wiley & Sons; 2nd edition (5 Oct. 2011)
  • Language: English
  • ISBN-10: 1118026470
  • ISBN-13: 978-1118026472
  • Product Dimensions: 18.8 x 4.3 x 23.6 cm
  • Average Customer Review: 4.5 out of 5 stars (14 customer reviews)
  • Amazon Bestsellers Rank: 35,741 in Books

Product Description

From the Back Cover

New technologies. New attack techniques. Start hacking.

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This book shows you how they do it.

This fully updated edition contains the very latest attack techniques and countermeasures, showing you how to break into today's complex and highly functional applications. Roll up your sleeves and dig in.

  • Discover how cloud architectures and social networking have added exploitable attack surfaces to applications
  • Leverage the latest HTML features to deliver powerful cross-site scripting attacks
  • Deliver new injection exploits, including XML external entity and HTTP parameter pollution attacks
  • Learn how to break encrypted session tokens and other sensitive data found in cloud services
  • Discover how technologies like HTML5, REST, CSS and JSON can be exploited to attack applications and compromise users
  • Learn new techniques for automating attacks and dealing with CAPTCHAs and cross-site request forgery tokens
  • Steal sensitive data across domains using seemingly harmless application functions and new browser features

Find help and resources at http://mdsec.net/wahh:

  • Source code for some of the scripts in the book
  • Links to tools and other resources
  • A checklist of tasks involved in most attacks
  • Answers to the questions posed in each chapter
  • Hundreds of interactive vulnerability labs

About the Author

DAFYDD STUTTARD is an independent security consultant, author, and software developer specializing in penetration testing of web applications and compiled software. Under the alias PortSwigger, Dafydd created the popular Burp Suite of hacking tools.

MARCUS PINTO delivers security consultancy and training on web application attack and defense to leading global organizations in the financial, government, telecom, gaming, and retail sectors.

The authors cofounded MDSec, a consulting company that provides training in attack and defense-based security.

Customer Reviews

Most Helpful Customer Reviews

By Amazon Customer on 21 Jun. 2013 (7 of 7 people found this review helpful)
Format: Paperback | Verified Purchase
I had high hopes of this book being a great study aid for taking the Crest or Tigerscheme web application CTL exam.

I wanted a book to refer to and also an online lab environment to practice the topics discussed in the book - although I have purchased 50 hrs of supporting lab time, I am so disappointed with the supporting labs that I am actually writing this review whilst having an active lab session open, a waste of $7 or whatever a lab hr is.

Firstly - when reading the book there are references to specific labs which should contain the same content discussed, right?? Yeah, well, no, unfortunately. Either the labs have been re-written since they wrote the book or a different person wrote the labs.

The lab menu itself doesn't include all of the labs mentioned in the book, so you have to find them manually, which isn't too bad I suppose, but when you do find the lab by putting the reference directly into the browser and follow the content exactly as per the book - you find that all of the parameters are different and out of context.

So you carry on and presume this is intended to get you thinking, right?? No, wrong. Unfortunately the vulnerabilities being discussed in the book are not present on all of the referenced labs - so it looks as though they have either been removed or re-written, hence why they are not directly linked to the online lab menu.

OK - so not ideal, but then you could just use the labs independently of the book?? Well, yes, you could, but then this is supposed to be a learning environment, right?? So if you can't find the problem or are struggling you would want to refer to something or have some form of help, hints, explanations or even answers as a last resort, yeah??

By M. SMITH on 18 Dec. 2011 (5 of 5 people found this review helpful)
Format: Paperback | Verified Purchase
I read this book in preparation for the Live Course which was presented by Marcus.

While reading the book I found it was quite dry because I was not doing the practical exercises available online. As you have to pay for them I wasn't sure if it would be worth it. With hindsight, after doing the course I would highly recommend using them. It will make the content a lot more interesting but also teach a key skill which the book doesn't:

The key to most pen testing and vulnerability research is persistence and logical thinking. It is all very well to think you know how a certain bug works, but it can still be quite a challenge to actually implement it.

I feel very lucky to have been able to attend the live course for hands-on help from the authors, but you can definitely get all the information and practice you need purely from the book and the website. It's a shame that there isn't a couple of hours of practical time included when you buy the book.

It is very well written and covers all the areas you would expect. A lot of the old-school web bugs explained, such as SQL injection, are less common now because of better programming practices and interfaces. Later chapters in the book, such as the methodologies and logic flaw errors, are timeless.

The book also provides real-world solutions and mitigations for the attacks described, so this is highly recommended for anyone who develops web applications as well as people who carry out penetration testing on them.

While this may not be the best book ever written, I think it definitively describes the topic, therefore I have given it 5 stars.

By Ken on 12 Jan. 2013 (3 of 3 people found this review helpful)
Format: Paperback | Verified Purchase
I've actually met these guys before in Dublin at the Google building at a set of OWASP presentations on web app security - and the guys definitely know their stuff. The book itself is really good and I find it very helpful to have on the desk, and to be able to reference to understand a topic better and to get ideas.

By Pedro Gonçalo Pinto Domingues on 2 Dec. 2012 (2 of 2 people found this review helpful)
Format: Paperback | Verified Purchase
My title says it all, this book is a reference, it is a bible, it has it all! Everything you may come across in web security, this book has it!
It is an amazing reference! How could I survive without this book so far?

By dmarcos on 6 Feb. 2013 (2 of 2 people found this review helpful)
Format: Paperback | Verified Purchase
Great book. A must-have in my daily work. I keep it on my desk for those situations where I need to review something.

Format: Kindle Edition | Verified Purchase
One of the best books on the subject of web application pen testing. The use of a strong logical approach (maybe using Dafydd's philosophy background) helps to get the key concepts across. The test checklist at the end of the book is very useful if you need a quick guide to get you started while testing websites.

Format: Paperback | Verified Purchase
If you are a web developer, this book is an interesting read to understand what possible vulnerabilities your products might have. Only negative point is that you have to pay for the exercises that are provided with the book.