Quantity:

More Buying Choices

39 used & new from �12.20

Have one to sell? Sell yours here

Share your own customer images

Search inside this book

How to Break Web Software: Functional and Security Testing of Web Applications and Web Services (Paperback)

by Mike Andrews (Author), James A. Whittaker (Author)

4.7 out of 5 stars See all reviews (3 customer reviews)

RRP:	�24.93
Price:	�12.46 & this item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
You Save:	�12.47 (50%)
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

Usually dispatched within 7 to 12 days.
Dispatched from and sold by Amazon.co.uk. Gift-wrap available.

28 new from �12.20 11 used from �18.39

January Deals in Books
Save up to 60% on selected books. Shop now

› See more product promotions

Frequently Bought Together

Customers buy this book with The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard

Price For Both: �32.55

One of these items is dispatched sooner than the other. Show details

This item: How to Break Web Software: Functional and Security Testing of Web Applications and Web Services by Mike Andrews

Usually dispatched within 7 to 12 days.
Dispatched from and sold by Amazon.co.uk.
This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard

In stock.
Dispatched from and sold by Amazon.co.uk.
This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions

This item: How to Break Web Software: Functional and Security Testing of Web Applications and Web Services by Mike Andrews
Usually dispatched within 7 to 12 days.
Dispatched from and sold by Amazon.co.uk.
This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard
In stock.
Dispatched from and sold by Amazon.co.uk.
This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions

Customers Who Bought This Item Also Bought

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

by Dafydd Stuttard

4.8 out of 5 stars (4) �20.09

How to Break Software: A Practical Guide to Testing

by James A. Whittaker

3.0 out of 5 stars (1) �31.34

How to Break Software Security

by James A. Whittaker

�32.29

Software Security: Building Security In

by Gary McGraw

�30.52

Agile Testing: A Practical Guide for Testers and Agile Teams (Addison-Wesley Signature)

by Lisa Crispin

5.0 out of 5 stars (3) �15.99

› Explore similar items

Product details

Paperback: 240 pages
Publisher: Addison Wesley; Pap/Cdr edition (16 Feb 2006)
Language English
ISBN-10: 0321369440
ISBN-13: 978-0321369444
Product Dimensions: 22.9 x 17.5 x 1.8 cm

Average Customer Review: 4.7 out of 5 stars See all reviews (3 customer reviews)

Amazon.co.uk Sales Rank: 67,652 in Books (See Bestsellers in Books)

Popular in these categories:

#1 in	Books > Computing & Internet > Computer Science > Security > Programming > Web Services
#2 in	Books > Computing & Internet > Computer Science > Security > Web Security
#8 in	Books > Computing & Internet > Programming > Languages > XML > Web Services

Would you like to update product info or give feedback on images?

See Complete Table of Contents

Customers Viewing This Page May Be Interested in These Sponsored Links

(What is this?)

Security Of Web opens new browser window

Microsoft.com/TechNet - Get Security updates from Microsoft TechCentre & keep your apps secure

Website Testing Services opens new browser window

www.betabreakers.com - Software & Internet QA Solutions Testing Worldwide for Twenty Years

Website Security Testing opens new browser window

www.SecureThinking.co.uk - Make sure your web site protects your business and its visitors!

Product Description

Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grown into a commerce engine that is now omnipresent in all facets of our lifes. More websites are created daily and more applications are developed to allow users to learn, research, and purchase online. As a result, web development is often rushed, which increases the risk of attacks from hackers. Furthermore, the need for secure applications has to be balanced with the need for usability, performance, and reliability. In this book, Whittaker and Andrews demonstrate how rigorous web testing can help prevent and prepare for such attacks. They point out that methodical testing must include identifying threats and attack vectors to establish and then implement the appropriate testing techniques, manual or automated.

From the Back Cover

"The techniques in this book are not an option for testers–they are mandatory and these are the guys to tell you how to apply them!"
–HarryRobinson, Google.

Rigorously test and improve the security of all your Web software!

It’s as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you’re vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software.

In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes

· Client vulnerabilities, including attacks on client-side validation

· State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking

· Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal

· Language- and technology-based attacks: buffer overflows, canonicalization, and NULL string attacks

· Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting

· Cryptography, privacy, and attacks on Web services

Your Web software is mission-critical–it can’t be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.

Companion CD contains full source code for one testing tool you can modify and extend, free Web security testing tools, and complete code from a flawed Web site designed to give you hands-on practice in identifying security holes.

See all Product Description

Inside This Book (Learn More)

Suggested Tags from Similar Products

(What's this?)

Be the first one to add a relevant tag (keyword that's strongly related to this product)

webtesting

software

security testing

network security

internet

What Do Customers Ultimately Buy After Viewing This Item?

	71% buy the item featured on this page: How to Break Web Software: Functional and Security Testing of Web Applications and Web Services 4.7 out of 5 stars (3) �12.46
	18% buy The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws 4.8 out of 5 stars (4) �20.09
	5% buy Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast �16.35
	4% buy Agile Testing: A Practical Guide for Testers and Agile Teams (Addison-Wesley Signature) 5.0 out of 5 stars (3) �15.99

Explore similar items

Customer Reviews

3 Reviews

5 star:		(2)
4 star:		(1)
3 star:		(0)
2 star:		(0)
1 star:		(0)

Average Customer Review

4.7 out of 5 stars (3 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

2 of 2 people found the following review helpful:

5.0 out of 5 stars Buy it, 11 Jan 2007

By	Kevin Barron "Basher" (Northampton, UK) - See all my reviews (REAL NAME)

If you want to get to grips with this subject this book is a great little read. You can either just plough through it, as it is an easy read, or go and look at all the links and tools he is referencing to get extra detail and clarity. If you don't have any other books on this subject, get this first.

No, I don't know the author.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

1 of 1 people found the following review helpful:

4.0 out of 5 stars client side only, 23 Feb 2009

By	M. Mohammed "doubleM" (Manchester, UK) - See all my reviews (REAL NAME)

If you're looking for a comprehensive guide to web testing - this is not it as it only deals with client side testing. However, it still is a good read, with valuable insight and guidance ... and at this price, I would recommend it a definate buy!

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

3 of 5 people found the following review helpful:

5.0 out of 5 stars A good overview of the tools and techniques available today!, 6 Jul 2006

By	D. Ward (UK) - See all my reviews (REAL NAME)

In keeping with the brevity of this excellent book, I'll keep this short. This book is readable, educational and covers the majority of tests that are required on web applications today. The tools included on the CD are also first rate, with good commentary on how to use them in the book, giving further reading where required.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

Share your thoughts with other customers: Create your own review

› See all 3 customer reviews...

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jqOnDisplayBlock { display: none; } .jqOnDisplayInline { display: none; } .jqOnVisibility { visibility: hidden; } .jqOnDisplayNoneBlock { display: block; } .jqOnDisplayNoneInline { display: inline; }