on 26 June 2017
Good book, lots of relevant content. Disappointed that to fully utilise the book it recommends buying 'lab time' at their website. Burp Suite is a great tool too, designed by the authors and heavily recommended throughout the book; while the free version is competent, the full version costs over £250. In terms of expense, this book is only the tip of the iceberg.
on 26 July 2017
As a security architect, I find this book an invaluable source of information and very well written; it covers everything you would need for web app hacking, and I used it to help prepare for my CREST CRT certification.

Highly recommended and is used on a daily basis. If you work as a web developer or in cyber security then this book is a must.
on 2 April 2017
An excellent 'read'. Very well put together and very informative. A definitive work on the subject but written so that I could pick it up again easily, when I had time to revisit it. I learnt a lot!
on 21 June 2013
I had high hopes of this book being a great study aid for taking the Crest or Tigerscheme web application CTL exam.

I wanted a book to refer to and also an online lab environment to practice the topics discussed in the book. Although I have purchased 50 hrs of supporting lab time, I am so disappointed with the supporting labs that I am actually writing this review whilst having an active lab session open: a waste of $7 or whatever a lab hour is.

Firstly, when reading the book there are references to specific labs which should contain the same content discussed, right?? Yeah, well, no, unfortunately. Either the labs have been re-written since they wrote the book or a different person wrote the labs.

The lab menu itself doesn't include all of the labs mentioned in the book, so you have to find them manually, which isn't too bad I suppose, but when you do find the lab by putting the reference directly into the browser and follow the content exactly as per the book, you find that all of the parameters are different and out of context.

So you carry on and presume this is intended to get you thinking, right?? No, wrong. Unfortunately the vulnerabilities being discussed in the book are not present on all of the referenced labs, so it looks as though they have either been removed or re-written, hence why they are not directly linked to the online lab menu.

OK, so not ideal, but then you could just use the labs independently of the book?? Well yes, you could, but then this is supposed to be a learning environment, right?? So if you can't find the problem or are struggling you would want to refer to something or have some form of help, hints, explanations or even answers as a last resort, yeah??

Well, unfortunately not with this: if you get stuck or need help with a lab then sorry, but you're on your own.

All in all, the authors know their web application hacking stuff alright; shame the person who put the labs together didn't seem to read the book to ensure everything referenced in it matched up.

I would definitely recommend reading the book, and possibly having a go in the labs, but don't expect a smooth-flowing study environment.
on 18 December 2011
I read this book in preparation for the Live Course which was presented by Marcus.

While reading the book I found it was quite dry because I was not doing the practical exercises available online. As you have to pay for them I wasn't sure if it would be worth it. With hindsight, after doing the course I would highly recommend using them. It will make the content a lot more interesting but also teach a key skill which the book doesn't:

The key to most pen testing and vulnerability research is persistence and logical thinking. It is very well to think you know how a certain bug works but it can still be quite a challenge to actually implement it.

I feel very lucky to have been able to attend the live course for hands-on help from the authors, but you can definitely get all the information and practice you need purely from the book and the website. It's a shame that there isn't a couple of hours of practical time included when you buy the book.

It is very well written and covers all the areas you would expect. A lot of the old-school web bugs are explained, such as SQL injection, which are less common now because of better programming practices and interfaces. Later chapters in the book, such as the methodologies and logic flaw errors, are timeless.

The book also provides real-world solutions and mitigations for the attacks described, so this is highly recommended for anyone who develops web applications as well as people who carry out penetration testing on them.

While this may not be the best book ever written, I think it definitively describes the topic, therefore I have given it 5 stars.
on 6 May 2017
Horribly out of date, terrible and expensive labs. I expected more from Daffy but he was probably held back by the 'co-author'.
on 12 January 2013
I've actually met these guys before in Dublin at the Google building at a set of OWASP presentations on web app security, and the guys definitely know their stuff. The book itself is really good and I find it very helpful to have on the desk, to be able to reference to understand a topic better and to get ideas.
on 6 February 2013
Great book. A must-have for my daily work. I keep it on my desk for situations where I need to review something.
on 10 May 2014
One of the best books on the subject of web application pen testing. The use of a strong logical approach (maybe using Dafydd's philosophy background) helps to get the key concepts across. The test checklist at the end of the book is very useful if you need a quick guide to get you started while testing websites.
on 12 July 2013
If you are a web developer, this book is an interesting read to understand what possible vulnerabilities your products might have. Only negative point is that you have to pay for the exercises that are provided with the book.