on 18 December 2011
I read this book in preparation for the Live Course which was presented by Marcus.

While reading the book I found it quite dry, because I was not doing the practical exercises available online. As you have to pay for them, I wasn't sure if it would be worth it. With hindsight, after doing the course, I would highly recommend using them. They make the content a lot more interesting, but they also teach a key skill which the book doesn't:

The key to most pen testing and vulnerability research is persistence and logical thinking. It is all very well to think you know how a certain bug works, but it can still be quite a challenge to actually implement it.

I feel very lucky to have been able to attend the live course for hands-on help from the authors, but you can definitely get all the information and practice you need purely from the book and the website. It's a shame that there isn't a couple of hours of practical time included when you buy the book.

It is very well written and covers all the areas you would expect. A lot of the old-school web bugs, such as SQL injection, are explained, and these are less common now because of better programming practices and interfaces. Later chapters in the book, such as the methodologies and logic flaw errors, are timeless.

The book also provides real-world solutions and mitigations for the attacks described, so this is highly recommended for anyone who develops web applications as well as people who carry out penetration testing on them.

While this may not be the best book ever written, I think it definitively describes the topic; therefore I have given it 5 stars.
5 people found this helpful
on 26 July 2017
As a security architect, I find this book an invaluable source of information. It is very well written and covers everything you would need for web app hacking, and I used it to help prepare for my CREST CRT certification.

Highly recommended, and I use it on a daily basis. If you work as a web developer or in cyber security, then this book is a must.
One person found this helpful
on 26 June 2017
Good book, lots of relevant content. Disappointed that, to fully utilise the book, it recommends buying 'lab time' at their website. Burp Suite is a great tool too, designed by the authors and heavily recommended throughout the book; while the free version is competent, the full version costs over £250. In terms of expense, this book is only the tip of the iceberg.
One person found this helpful
on 12 January 2013
I've actually met these guys before in Dublin, at the Google building, at a set of OWASP presentations on web app security, and the guys definitely know their stuff. The book itself is really good, and I find it very helpful to have on the desk, to be able to refer to it to understand a topic better and to get ideas.
3 people found this helpful
on 12 May 2016
Excellent book, a must for anyone who is considering web app testing. Full of excellent technical examples, and it links well to the MDSEC labs (found at mdec.net), which can be used alongside it.
on 2 April 2017
An excellent 'read'. Very well put together and very informative. A definitive work on the subject, but written so that I could pick it up again easily when I had time to revisit it. I learnt a lot!
on 7 December 2017
Excellent, thank you very much :)
on 6 February 2017
One of the best, if not the best, books in web security.
on 31 May 2018
Boring for a web developer, though somewhat enlightening; the labs are no longer maintained, so this book has lost its "follow along" selling point.
on 8 October 2017
Amazing Book!