- Paperback: 768 pages
- Publisher: John Wiley & Sons (19 Oct. 2007)
- Language: English
- ISBN-10: 0470170778
- ISBN-13: 978-0470170779
- Product Dimensions: 18.8 x 4.1 x 23.4 cm
- Average Customer Review: 4.5 out of 5 stars (8 customer reviews)
- Amazon Bestsellers Rank: 605,874 in Books
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws Paperback – 19 Oct 2007
There is a newer edition of this item:
"If you have an interest in web application security, I would highly recommend picking up a copy of this book, especially if you’re interested in being able to audit applications for vulnerabilities". — Robert Wesley McGrew, McGrew Security
From the Back Cover
Hack the planet

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This innovative book shows you how they do it. This is hands-on stuff.

The authors, recognized experts in security testing, take a practical approach, showing you the detailed steps involved in finding and exploiting security flaws in web applications. You will learn to:

- Defeat an application's core defense mechanisms and gain unauthorized access, even to the most apparently secure applications
- Map attack surfaces and recognize potential entry points
- Break client-side controls implemented within HTML, Java®, ActiveX®, and Flash®
- Uncover subtle logic flaws that leave applications exposed
- Use automation to speed up your attacks, with devastating results
- Delve into source code and spot common vulnerabilities in languages like C#, Java, and PHP

Know your enemy

To defend an application, you must first know its weaknesses. If you design or maintain web applications, this book will arm you with the protective measures you need to prevent all of the attacks described. If you're a developer, it will show you exactly where and how to strengthen your defenses.

Additional resources online at www.wiley.com/go/webhacker

- Source code for scripts in this book
- Links to tools and resources
- Checklist of tasks involved in attacking applications
- Answers to the questions posed in each chapter
- A hacking challenge prepared by the authors
Top Customer Reviews
As a full time Application tester most of the books I've read have been of little use, typically providing page filler examples of vulnerabilities and techniques that have been and gone or have offered little in the way of new information. This book however is bang up to date and teaches assessment techniques that will still be current for a long time to come.
If you're hoping to pursue a career in security, need the best reference available, or are trying to get to grips with the threats posed to your web application, you should buy this book.
At our organisation all of our technical staff have a copy and have all found it useful.
Since there is no book that does-it-all, following the provided references is mandatory to successfully digest the entire information. Along with Andreu's, this is one of the books that will stay for long as an asset in your arsenal and operate as a day-to-day reference on Web Application pentesting.
The problem? To take full advantage of the book you are required to pay $7 an hour to access the online application... Yes $7 an hour for a book you pay £30 for. The later chapters are full of 'Try It' with links and references to this expensive lab. If you aren't prepared to pay for it, this kind of kills the immersion of learning the techniques described in the book.
If the lab was available free (Or just cheaper) then it could potentially be one of the best learning tools for Web Application hacking. For me personally, I just don't like it... I will use the book as a reference, but I don't feel like using it as a learning tool.
Most Recent Customer Reviews
Very technical but very well explained hacking techniques for web pentesting. 100% Recommended as a reference book for any pentester.
Published on 22 Aug. 2013 by Luis Acuna
I think it doesn't have a very good chapter about SQLi (teaching sqlmap for example), but it covers almost everything you will need to test on a webapp.
Published on 13 Mar. 2013 by silas francisco
I don't think there is another book that comes close to the Web Application Hackers Handbook at the moment.
Published on 20 Sept. 2011 by jmp esp