HACKING EXPOSED WEB APPLICATIONS 3/E and over one million other books are available for Amazon Kindle. Learn more

Vous voulez voir cette page en français ? Cliquez ici.


or
Sign in to turn on 1-Click ordering.
or
Amazon Prime Free Trial required. Sign up when you check out. Learn More
More Buying Choices
Have one to sell? Sell yours here
Search inside this book
Start reading HACKING EXPOSED WEB APPLICATIONS 3/E on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

HACKING EXPOSED WEB APPLICATIONS, 3rd Edition [Paperback]

Joel Scambray (Author), Vincent Liu (Author), Caleb Sima (Author)
2.0 out of 5 stars  See all reviews (1 customer review)
List Price: CDN$ 55.95
Price: CDN$ 35.25 & this item ships for FREE with Super Saver Shipping. Details
You Save: CDN$ 20.70 (37%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 1 left in stock (more on the way).
Ships from and sold by Amazon.ca. Gift-wrap available.
Want it delivered Wednesday, June 19? Choose One-Day Shipping at checkout.

Formats

 Amazon Price New from Used from
Kindle Edition CDN $27.24   -- --
Paperback CDN $35.25   -- --

Book Description

Publication Date: Oct 15 2010 | ISBN-10: 0071740643 | ISBN-13: 978-0071740647 | Edition: 3

The latest Web app attacks and countermeasures from world-renowned practitioners

Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.

  • Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
  • See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
  • Understand how attackers defeat commonly used Web authentication technologies
  • See how real-world session attacks leak sensitive data and how to fortify your applications
  • Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
  • Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
  • Safety deploy XML, social networking, cloud computing, and Web 2.0 services
  • Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
  • Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

Customers Who Bought This Item Also Bought

Product Details

Product Description

About the Author

Joel Scambray, CISSP, is co-founder and CEO of Consciere, provider of strategic security advisory services. He has worked in Internet security assessment and defense for nearly 15 years at Microsoft, Foundstone, Ernst & Young, and other organizations. Joel is an internationally renowned speaker and author of multiple security books, including 12 editions in the Hacking Exposed series.

Vincent Liu, CISSP, is a managing partner at Stach & Liu. He previously led the Attack & Penetration and Reverse Engineering teams at Honeywell's Global Security group, was a consultant with the Ernst & Young Advanced Security Centers, and was an analyst at the National Security Agency. Vincent speaks at industry conferences, including Black Hat, ToorCon, and Microsoft's BlueHat.

Caleb Sima is CEO of Armorize Technologies, provider of integrated Web application security solutions. He founded SPI Dynamics, a Web security technology company, and was an early innovator at Internet Security Systems/IBM's elite X-Force team. Caleb presents at key industry conferences, such as RSA and Black Hat.

Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

What Other Items Do Customers Buy After Viewing This Item?

Explore similar items

Customer Reviews

5 star
0
4 star
0
3 star
0
2 star
1
1 star
0
2.0 out of 5 stars
1 review
2.0 out of 5 stars
Most helpful customer reviews
0 of 2 people found the following review helpful
2.0 out of 5 stars Xml eXternal Entity fantasy April 29 2011
By Pierre Ernst
Format:Paperback
XML External Entity Attacks are nicely described on page 283, but the authors seemed to have missed the point.
For a successful XXE attack, you need the service to respond with a document containing the user-supplied input.
The example given is just too simplistic. When adding an unexpected <foo> element to the request, there is no way the <foo> element will be included in the response.
Was this review helpful to you?
Yes
No
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.7 out of 5 stars  3 reviews
17 of 17 people found the following review helpful
4.0 out of 5 stars A good book, but lacking some of what I like about the HE series Mar 31 2011
By Richard Bejtlich - Published on Amazon.com
Format:Paperback
This is the third Hacking Exposed: Web Applications (HE:WA) book I've reviewed, having reviewed the second edition in 2006 and the first edition in 2002. While I gave the earlier editions each five stars, I don't think HE:WA3E quite meets my expectations of a five star web application security book -- at least not one bearing the Hacking Exposed (HE) series name.

In my opinion, the winning formula for a good HE book was set by the first in the series, back in 1999: 1) explain a technology of interest; 2) show exactly how to exploit it; 3) recommend countermeasures. For me, these three steps MUST be followed, and any book with HE in the title that fails to follow this recipe is likely to fall flat. The reason I like this approach is simple; in many cases, defenders first encounter a new technology only after a researcher or intruder has broken it! In other words, the offensive side is usually far ahead of the defensive side, because offenders often specialize in a promising new area and pursue it relentlessly until they break it. Good HE books help redress this imbalance by getting the defender up to speed on a new technology, showing how to break it, and then suggesting defensive measures.

I believe that while HE:WA3E adopts some of this approach, it seems to not be consistently applied. In fact, I'm wondering if the absence of Mike Shema from the author team could be the reason for this change. Mike's handiwork still appears as a legacy of using older material, but elsewhere I found myself missing the HE formula.

For example, ch 9 seems to diverge from the HE recipe. It also seemed "light" to me compared to the prevalence of client-side exploitation. When HE:WA2E arrived in 2006, client-side attacks had been popular for about three years. I would have expected HE:WA3E (even though it's a "Web apps" book) to spend much more time on exploiting Web clients given the events of the past five years.

If you're wondering how the contents of HE:WA3E compare to HE:WA2E, it appears that concepts from the old ch 7 "Attacking Web Datastores" now appears in ch 6 ("Input Injection Attacks"), and ch 11 "Denial of Service (DoS) Attacks" is gone. I could tell when some material was repeated, but in other areas I could see updates (mention of the SHODAN search engine -- though not the "full details" listed on the back cover! -- for example).

Content-wise, the authors appeared to know a lot about their subject. Since I know all three from their conference appearances, I was confident in their expertise. One small note: I was disappointed by the screen shots in ch 10. The authors should keep in mind that screen captures from high resolution monitors do not translate well in print, especially when the images are fuzzy or very small.

Overall, I like HE:WA3E, but I hope to see a fourth edition return to the winning HE formula. I'd also like to see the authors take a look at some of the competing Web security books to see where they could differentiate to add even more value.
5.0 out of 5 stars I love it May 9 2013
By Costa - Published on Amazon.com
Format:Paperback|Amazon Verified Purchase
Very nice to help me secure my own application on php. I am debted to you for this book that help me more.
0 of 1 people found the following review helpful
5.0 out of 5 stars good product Dec 17 2012
By mark adi - Published on Amazon.com
Format:Paperback|Amazon Verified Purchase
good pricing.I would deal with the company again no problem. Good price and good product. i would order again from this company
Search Customer Reviews
Only search this product's reviews

    Your Shopping Cart is empty.

    Give it purpose—fill it with books, DVDs, clothes, electronics, and more.

    If you already have an account, sign in.

    View Cart (0 items)

      Listmania!

      Create a Listmania! list

      Look for similar items by category

      Feedback

      Would you like to update product info or give feedback on images?

      Amazon.ca Privacy Statement Amazon.ca Shipping Information Amazon.ca Returns & Exchanges