- Prime Students save 10% when purchasing $100 or more on textbooks Enter code TEXT10 at checkout. Here's how (restrictions apply)
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws Paperback – Sep 27 2011
|New from||Used from|
Special offers and product promotions
Frequently bought together
Customers who bought this item also bought
No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
To get the free app, enter your mobile phone number.
Would you like to tell us about a lower price?
If you are a seller for this product, would you like to suggest updates through seller support?
From the Back Cover
New technologies. New attack techniques. Start hacking.
Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This book shows you how they do it.
This fully updated edition contains the very latest attack techniques and countermeasures, showing you how to break into today's complex and highly functional applications. Roll up your sleeves and dig in.
Discover how cloud architectures and social networking have added exploitable attack surfaces to applications
Leverage the latest HTML features to deliver powerful cross-site scripting attacks
Deliver new injection exploits, including XML external entity and HTTP parameter pollution attacks
Learn how to break encrypted session tokens and other sensitive data found in cloud services
Discover how technologies like HTML5, REST, CSS and JSON can be exploited to attack applications and compromise users
Learn new techniques for automating attacksand dealing with CAPTCHAs and cross-site request forgery tokens
Steal sensitive data across domains using seemingly harmless application functions and new browser features
Find help and resources at http://mdsec.net/wahh
Source code for some of the scripts in the book
Links to tools and other resources
A checklist of tasks involved in most attacks
Answers to the questions posed in each chapter
Hundreds of interactive vulnerability labs
About the Author
DAFYDD STUTTARD is an independent security consultant, author, and software developer specializing in penetration testing of web applications and compiled software. Under the alias PortSwigger, Dafydd created the popular Burp Suite of hacking tools.
MARCUS PINTO delivers security consultancy and training on web application attack and defense to leading global organizations in the financial, government, telecom, gaming, and retail sectors.
The authors cofounded MDSec, a consulting company that provides training in attack and defense-based security.
Customers who viewed this item also viewed
Showing 1-6 of 6 reviews
There was a problem filtering reviews right now. Please try again later.
I bought it and read up first few chapters and I am disappointed.
When I want to try by examples which list under 'Try it'. They are no longer available as the company doesn't support the lab any more. So, ...as a new person to lean this subject without online examples, the content of this book is not quite easy to understand!
The companion web site is a great thing. It allows you to easily test the techniques explained in a controlled way.
Must read for every Web Application Security Professional or every serious and professional. I almost wish it was a mandatory reading in order to get a job as a web application developer.
If you want to learn how to hack a website this is the perfect book.
Want to see more reviews on this item?