FREE Delivery in the UK.
In stock.
Dispatched from and sold by Amazon. Gift-wrap available.
XSS Attacks: Cross Site S... has been added to your Basket
+ £2.80 UK delivery
Used: Good | Details
Sold by Nearfine
Condition: Used: Good
Comment: A good reading copy. May contain markings or be a withdrawn library copy. Expect delivery in 20 days.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

XSS Attacks: Cross Site Scripting Exploits and Defense Paperback – 9 May 2007

4.3 out of 5 stars 3 customer reviews

See all formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
£30.73 £30.72
Promotion Message 10% Bulk Discount 1 Promotion(s)

Note: This item is eligible for click and collect. Details
Pick up your parcel at a time and place that suits you.
  • Choose from over 13,000 locations across the UK
  • Prime members get unlimited deliveries at no additional cost
How to order to an Amazon Pickup Location?
  1. Find your preferred location and add it to your address book
  2. Dispatch to this address when you check out
Learn more
£40.99 FREE Delivery in the UK. In stock. Dispatched from and sold by Amazon. Gift-wrap available.
click to open popover

Special Offers and Product Promotions

  • Save 10% on Books for Schools offered by when you purchase 10 or more of the same book. Here's how (terms and conditions apply) Enter code SCHOOLS2016 at checkout. Here's how (terms and conditions apply)

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone

To get the free app, enter your mobile phone number.

Product details

  • Paperback: 480 pages
  • Publisher: Syngress (9 May 2007)
  • Language: English
  • ISBN-10: 9781597491549
  • ISBN-13: 978-1597491549
  • ASIN: 1597491543
  • Product Dimensions: 18.8 x 2.8 x 23.9 cm
  • Average Customer Review: 4.3 out of 5 stars  See all reviews (3 customer reviews)
  • Amazon Bestsellers Rank: 729,749 in Books (See Top 100 in Books)

Product Description

About the Author

Seth Fogie is the VP of Dallas-based Airscanner Corporation where he oversees the development of security software for the Window Mobile (Pocket PC) platform. He has co-authored numerous technical books on information security, including the top selling"

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

4.3 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See all 3 customer reviews
Share your thoughts with other customers

Top Customer Reviews

Format: Paperback Verified Purchase
I found the standard of English in this book to be so poor that at times it actually prevented clear understanding of the points being expressed. They have obviously used a spell-checker but not had it proof-read by a human being.
The content itself was adequate.
Comment 2 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback Verified Purchase
This book is pretty much where it's at with regard to the various forms of XSS. The only downside I can think of is it doesn't seem to have been proof read, or if it has, by someone who can't read.
Comment 2 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
XSS is everywhere, it is one of hte most common web attacks against web sites - ranging from defacement, worms and identity theft. But most of all it's so easy to fix.

This is a good easy read - helping those to understand what it is and others on how to exploit this in a ethical way.

Pentesters this should be another on your bookshelf.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Helpful Customer Reviews on (beta) 4.3 out of 5 stars 6 reviews
17 of 17 people found the following review helpful
4.0 out of 5 stars Originality and coverage earn four stars, but a better book is needed 20 July 2007
By Richard Bejtlich - Published on
Format: Paperback
XSS Attacks earns 4 stars for being the first book devoted to Cross Site Scripting and for rounding up multiple experts on the topic. The authors are synonymous with attacking Web applications and regularly share their vast expertise via their blogs and tools. However, XSS Attacks suffers the same problems found whenever Syngress rushes a book to print -- nonexistent editing and uneven content. I found XSS Attacks to be highly enlightening, but I expect a few other books on the topic arriving later this year could be better.

First, as Tadaka mentioned, ch 3 is the best written part of the book. In fact, the author of ch 3 should have written the entire book. There is a difference between an author of a tool, an author of a blog, and an author of a book. The author of ch 3 clearly knows how to make a clear argument over the course of a long stretch of pages (over 90) and carry the reader. Lucky for non-book-buyers, Syngress posted ch 3 for free on their Web site. You'll get a great foundation on XSS, and learn about CSRF and backdooring Flash and Quicktime.

In terms of readability, ch 2 wasn't bad. I liked trying out various Firefox extensions and the author's examples were good. I think ch 1 should be completely dropped. It mentions terms not defined until ch 2. The language is exceptionally rough, indicating zero editing was done. The DNS pinning examples in ch 5 were confusing; it doesn't help novice readers to discuss [...] and then use [...]. (I think that's an error.) I really didn't get as much from the book past ch 3 as I did from ch 3.

The major take-away from XSS Attacks is that one should never trust clients. Furthermore, far too many vulnerable capabilities exist in applications most people would never dream of fearing, like those that render .pdf or .swf. I really liked the point that browsers constantly interpret and "fix" broken HTML, sometimes to the detriment of the security world. I also liked reading how users can be duped by attacks against the integrity of data, such as adding or removing details of Web sites.

Right now, if you want to learn more about recent XSS attacks in printed form, this book is your main option. Last year I favorably reviewed Lance James' book, Phishing Exposed, which includes some of these techniques. Later this year one of the other book reviewers, Dafydd Stuttard, should be publishing The Web Application Hackers Handbook: Discovering and Exploiting Security Flaws. Syngress claims to be publishing Web Application Vulnerabilities: Detect, Exploit, Prevent by Steven Palmer in the fall. Hacking Exposed Web 2.0 by Himanshu Dwivedi is another option, but I find his security books to be poorly written. I highly recommend visiting the authors' blogs, since they cover a lot of the information in XSS Attacks.
6 of 6 people found the following review helpful
5.0 out of 5 stars Great for beginners and experts 4 July 2007
By Dafydd Stuttard - Published on
Format: Paperback
This book is a comprehensive analysis of XSS and related vulnerabilities, and covers everything from a beginner's introduction to XSS through to advanced exploitation and the latest attack techniques.

Overall, the book is well-organised, technically accurate, and full of pertinent examples and code extracts to illustrate the different vulnerabilities and attacks being described. There are plenty of tricks that will benefit even experienced web app hackers, including a wealth of filter bypasses, and coverage of offbeat topics such as injection into style sheets and use of non-standard content encoding.

There is strong coverage of recent research including JavaScript-based port scanning, history stealing and JSON hijacking, as you would expect given that these techniques were largely poineered by some of the authors. All of their explanations are clear and precise, and contain sufficient detail for you to fully understand each issue, and put together working code to exploit it. The book also includes the use of non-standard vehicles such as Flash and PDF for delivery of XSS attacks.

Here and there, the book displays the effects of multiple authorship, notably in the discussion of the best tools for finding XSS flaws. I know that some of the authors have rather opposing views on that question, but it is always good to get different people's perspectives on the tools they find most useful. There are also a few typos and editorial glitches, but that is the price you pay for being quick to market, as they evidently are.

Overall, this is a great book that will benefit a wide range of people, from novices to seasoned hackers. It is fun to read, with plenty of lighter moments punctuating the technical meat. Nothing else currently available is hitting this target - get it while it's hot!
1 of 1 people found the following review helpful
5.0 out of 5 stars Solid Coverage of Cross Site Scripting 2 July 2007
By Jason Wood - Published on
Format: Paperback
I've been through most of this book and found it to be an excellent source of information on cross site scripting (XSS). It starts off with a good introduction of the subject, covers the tools to help you evaluate your site for issues with XSS, and then goes through XSS non-stop to the end. I really liked the discussion of XSS theory in chapter 3. Instead of just covering how to look up and try different exploit methods, the authors spend a lot of time trying to convey the knowledge needed to really understand how XSS takes advantage of web apps and your browser's willingness to try and render as much as possible. This is extremely helpful when trying to craft your defenses, since you will have a more complete understanding of the problem.

The book is a lot to absorb and I'm still wrapping my mind around it, but it has really given me a new perspective on the scope of the issue. The authors are the experts on XSS and they've done a really good job on the book. If you want to get information straight from the guys doing the research on XSS, then this is the book you want.
1 of 1 people found the following review helpful
3.0 out of 5 stars Comprehensive content but with a lot of errors and poorly written 29 Mar. 2009
By Angelos Orfanakos - Published on
Format: Paperback Verified Purchase
This is a good book for getting started with XSS, with comprehensive information about the subject, but with quite a few significant drawbacks:

- There are a lot of spelling errors (almost one per page)
- There's not a straightforward structure of content
- It's very apparent that this has been written separately by many authors: there doesn't seem to be an effort to provide a single, similar and coherent writing style (e.g. in the same chapter, each section has its own little introduction, repeating things already mentioned in previous sections)
- It has had a very poor technical and editorial review (as shown by the many mistakes)
- It contains some strange things that make you wonder about how much thought was put while making the book (e.g. screenshots of full-black webpages)

Given the fact that there aren't many books on the subject, this is one you'd probably want to buy, but be prepared for a lot of mistakes and oversights.
1 of 1 people found the following review helpful
4.0 out of 5 stars Good 25 Jun. 2015
By jessie - Published on
Format: Kindle Edition Verified Purchase
It was a good book but the formatting was very weird and as such highlighting does not work at least on my iPad.
Were these reviews helpful? Let us know