
Customer Reviews

4.6 out of 5 stars

on 21 June 2013
I had high hopes of this book being a great study aid for taking the Crest or Tigerscheme web application CTL exam.

I wanted a book to refer to and also an online lab environment to practice the topics discussed in the book. Although I have purchased 50 hrs of supporting lab time, I am so disappointed with the supporting labs that I am actually writing this review whilst having an active lab session open, a waste of $7 or whatever a lab hour is.

Firstly, when reading the book there are references to specific labs which should contain the same content discussed, right? Yeah, well, no, unfortunately. Either the labs have been re-written since they wrote the book or a different person wrote the labs.

The lab menu itself doesn't include all of the labs mentioned in the book, so you have to find them manually, which isn't too bad I suppose, but when you do find the lab by putting the reference directly into the browser and follow the content exactly as per the book, you find that all of the parameters are different and out of context.

So you carry on and presume this is intended to get you thinking, right? No, wrong. Unfortunately the vulnerabilities being discussed in the book are not present on all of the referenced labs, so it looks as though they have either been removed or re-written, hence why they are not directly linked to the online lab menu.

OK, so not ideal, but then you could just use the labs independently of the book? Well, yes, you could, but then this is supposed to be a learning environment, right? So if you can't find the problem or are struggling, you would want to refer to something or have some form of help, hints, explanations or even answers as a last resort, yeah?

Well, unfortunately not with this. If you get stuck or need help with a lab then sorry, but you're on your own.

All in all, the authors know their web application hacking stuff alright; shame the person who put the labs together didn't seem to read the book to ensure everything referenced in it matched up.

I would definitely recommend reading the book, and possibly having a go in the labs, but don't expect a smooth-flowing study environment.
8 people found this helpful.
on 18 December 2011
I read this book in preparation for the Live Course which was presented by Marcus.

While reading the book I found it was quite dry because I was not doing the practical exercises available online. As you have to pay for them, I wasn't sure if it would be worth it. With hindsight, after doing the course, I would highly recommend using them. It will make the content a lot more interesting but also teach a key skill which the book doesn't:

The key to most pen testing and vulnerability research is persistence and logical thinking. It is all very well to think you know how a certain bug works, but it can still be quite a challenge to actually implement it.

I feel very lucky to have been able to attend the live course for hands-on help from the authors, but you can definitely get all the information and practice you need purely from the book and the website. It's a shame that there isn't a couple of hours of practical time included when you buy the book.

It is very well written and covers all the areas you would expect. A lot of the old-school web bugs explained, such as SQL injection, are less common now because of better programming practices and interfaces. Later chapters in the book, such as the methodologies and logic flaw errors, are timeless.

The book also provides real-world solutions and mitigations for the attacks described, so this is highly recommended for anyone who develops web applications as well as people who carry out penetration testing on them.

While this may not be the best book ever written, I think it definitively describes the topic, therefore I have given it 5 stars.
5 people found this helpful.
on 12 January 2013
I've actually met these guys before in Dublin at the Google building at a set of OWASP presentations on web app security, and the guys definitely know their stuff. The book itself is really good and I find it very helpful to have on the desk, and to be able to reference to understand a topic better and to get ideas.
3 people found this helpful.
on 2 December 2012
My title says it all, this book is a reference, it is a bible, it has it all! Everything you may come across in web security, this book has it!
It is an amazing reference! How could I survive without this book so far?
2 people found this helpful.
on 6 February 2013
Great book. A must-have for my daily work. I keep it on my desk for situations where I need to review something.
2 people found this helpful.
on 10 May 2014
One of the best books on the subject of web application pen testing. The use of a strong logical approach (maybe using Dafydd's philosophy background) helps to get the key concepts across. The test checklist at the end of the book is very useful if you need a quick guide to get you started while testing websites.
on 12 July 2013
If you are a web developer, this book is an interesting read to understand what possible vulnerabilities your products might have. Only negative point is that you have to pay for the exercises that are provided with the book.
on 21 September 2013
The Web Application Hacker's Handbook, as its name suggests, fully covers each phase of the web audit process and describes all the relevant vulnerability-finding techniques which should be carried out during a web audit. The book also covers the usage of Burp Suite, which comes in handy during a website audit.

I recommend this book for professional web auditors and for security conscious web developers as well.

I have received the book in a shiny condition.
on 12 May 2016
Excellent book, a must for anyone who is considering web apps testing. Full of excellent technical examples and links well to the MDSEC labs (found at, which can be used alongside.
on 8 September 2014
It is a good book for the basic understanding of threats and vulnerabilities. It is hard work to gain a deep understanding of the extremely complex picture of technology and the human mind.