The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws [Paperback]

Dafydd Stuttard, Marcus Pinto
There is a newer edition of this item:
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

Book Description

Oct 22 2007
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.

The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.


Product Description

Review

"If you have an interest in web application security, I would highly recommend picking up a copy of this book, especially if you’re interested in being able to audit applications for vulnerabilities".
Robert Wesley McGrew, McGrew Security

From the Back Cover

Hack the planet

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This innovative book shows you how they do it.

This is hands-on stuff. The authors, recognized experts in security testing, take a practical approach, showing you the detailed steps involved in finding and exploiting security flaws in web applications. You will learn to:

  • Defeat an application's core defense mechanisms and gain unauthorized access, even to the most apparently secure applications
  • Map attack surfaces and recognize potential entry points
  • Break client-side controls implemented within HTML, Java®, ActiveX®, and Flash®
  • Uncover subtle logic flaws that leave applications exposed
  • Use automation to speed up your attacks, with devastating results
  • Delve into source code and spot common vulnerabilities in languages like C#, Java, and PHP

Know your enemy

To defend an application, you must first know its weaknesses. If you design or maintain web applications, this book will arm you with the protective measures you need to prevent all of the attacks described. If you're a developer, it will show you exactly where and how to strengthen your defenses.

Additional resources online at www.wiley.com/go/webhacker

  • Source code for scripts in this book
  • Links to tools and resources
  • Checklist of tasks involved in attacking applications
  • Answers to the questions posed in each chapter
  • A hacking challenge prepared by the authors



Customer Reviews

4.7 out of 5 stars
Most helpful customer reviews
2 of 2 people found the following review helpful
Format:Paperback
Written for a hacker? Not really! The book succeeds at showing Web application vulnerabilities and how to effectively defend from the possible attacks these would allow.

We are using it in our company as the guideline for securing an important Web application and it has covered all issues automated test tools from Rational reported.

I find the book is very well written and explains concepts with clarity, I just could not stop reading it, it's a really interesting book!
1 of 1 people found the following review helpful
Format:Paperback
This is a great resource for anyone looking for an introduction to web application security and no clue where to start. It begins with the background information you will need to work through many of the techniques that are introduced in the later chapters.
0 of 2 people found the following review helpful
4.0 out of 5 stars Contains some priceless tricks Jan 28 2010
Format:Paperback
I found section 5.10.4 on page 696 most interesting.

This is especially important since the cookie path defaults to the current location without the trailing slash ([...])

I was able to reproduce this behavior on IE6, IE7, IE8, Safari 3 and even Netscape Communicator 4.79 :-)

However with Firefox or Chrome, cookies set on path "/bank" cannot be accessed from resources located under "/banktest/".