Customer Reviews


10 Reviews
5 star: (7)
4 star: (1)
3 star: (1)
2 star: (1)
1 star: (0)
 
 
 
 
 

4 of 4 people found the following review helpful
5.0 out of 5 stars Much more than SQL Injection and XSS, 18 Dec 2011
By M. SMITH
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
I read this book in preparation for the Live Course which was presented by Marcus.

While reading the book I found it was quite dry because I was not doing the practical exercises available online. As you have to pay for them I wasn't sure if it would be worth it. With hindsight, after doing the course, I would highly recommend using them. It will make the content a lot more interesting but also teach a key skill which the book doesn't:

The key to most pen testing and vulnerability research is persistence and logical thinking. It is very well to think you know how a certain bug works but it can still be quite a challenge to actually implement it.

I feel very lucky to have been able to attend the live course for hands-on help from the authors, but you can definitely get all the information and practice you need purely from the book and the website. It's a shame that there isn't a couple of hours of practical time included when you buy the book.

It is very well written and covers all the areas you would expect. A lot of the old school web bugs explained, such as SQL injection, are less common now because of better programming practices and interfaces. Later chapters in the book, such as the methodologies and logic flaw errors, are timeless.

The book also provides real world solutions and mitigations for the attacks described, so this is highly recommended for anyone who develops web applications as well as people who carry out penetration testing on them.

While this may not be the best book ever written, I think it definitively describes the topic, therefore I have given it 5 stars.


3 of 3 people found the following review helpful
3.0 out of 5 stars Disappointing supporting Lab environment., 21 Jun 2013
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
I had high hopes of this book being a great study aid for taking the Crest or Tigerscheme web application CTL exam.

I wanted a book to refer to and also an online lab environment to practice the topics discussed in the book - although I have purchased 50 hrs of supporting lab time, I am so disappointed with the supporting labs that I am actually writing this review whilst having an active lab session open - a waste of $7 or whatever a lab hr is.

Firstly - when reading the book there are references to specific labs which should contain the same content discussed, right?? Yeah, well, no, unfortunately. Either the labs have been re-written since they wrote the book or a different person wrote the labs.

The lab menu itself doesn't include all of the labs mentioned in the book so you have to find them manually, which isn't too bad I suppose, but when you do find the lab from putting the reference directly into the browser and follow the content exactly as per the book - you find that all of the parameters are different and out of context.

So you carry on and presume this is intended to get you thinking, right?? No, wrong. Unfortunately the vulnerabilities being discussed in the book are not present on all of the referenced labs - so it looks as though they have either been removed or re-written, hence why they are not directly linked to the online lab menu.

OK - so not ideal, but then you could just use the labs independently of the book?? Well yes you could, but then this is supposed to be a learning environment, right?? So if you can't find the problem or are struggling you would want to refer to something or have some form of help, hints, explanations or even answers as a last resort, yeah??

Well unfortunately not with this - if you get stuck or need help with a lab then sorry, but you're on your own.

All in all - the authors know their web application hacking stuff alright; shame the person who put the labs together didn't seem to read the book to ensure everything referenced in it matched up.

I would definitely recommend reading the book - possibly having a go in the labs but don't expect a smooth flowing study environment.


2 of 2 people found the following review helpful
5.0 out of 5 stars A must have, 6 Feb 2013
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
Great book. A must have in my daily work. I keep it on my desk for situations where I need to review something.


2 of 2 people found the following review helpful
5.0 out of 5 stars Great Book, 12 Jan 2013
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
I've actually met these guys before in Dublin at the Google building at a set of OWASP presentations on web app security - and the guys definitely know their stuff. The book itself is really good and I find it very helpful to have on the desk, and to be able to reference to understand a topic better and to get ideas.


2 of 2 people found the following review helpful
5.0 out of 5 stars The most complete book of web security I've ever seen!, 2 Dec 2012
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
My title says it all, this book is a reference, it is a bible, it has it all! Everything you may come across in web security, this book has it!
It is an amazing reference! How could I survive without this book so far?


5.0 out of 5 stars excellent book with sound engineering and logic throughout, 10 May 2014
Verified Purchase
One of the best books on the subject of web application pen testing. The use of a strong logical approach (maybe using Dafydd's philosophy background) helps to get the key concepts across. The test checklist at the end of the book is very useful if you need a quick guide to get you started while testing websites.


5.0 out of 5 stars A 'must to have' book for Web Audit., 21 Sep 2013
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
The Web Application Hacker's Handbook, as its name suggests, fully covers each phase of the web audit process, describing all the relevant vulnerability-finding techniques which should be done during a web audit. The book also covers the usage of Burp Suite, which comes in handy during a website audit.

I recommend this book for professional web auditors and for security conscious web developers as well.

I have received the book in a shiny condition.


4.0 out of 5 stars Very interesting read for web developers, 12 July 2013
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
If you are a web developer, this book is an interesting read to understand what possible vulnerabilities your products might have. Only negative point is that you have to pay for the exercises that are provided with the book.


5.0 out of 5 stars Excellent, 18 Mar 2013
Verified Purchase
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
Great resource - a valuable insight into Web Application Security assessments and penetration testing - well written and explained with plenty of examples


3 of 14 people found the following review helpful
2.0 out of 5 stars not worth the money if you read the first edition, 15 Jan 2012
This review is from: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Paperback)
The book is just not worth the money if you have the first version. Hasn't added enough to make it worth buying if you have the first book. Overall it's a good book to get you started but very poor on blind SQL injection, and explanations are very poor in some areas.

