
Web Hacking: Attacks and Defense Paperback – Aug 8 2002

4.6 out of 5 stars 10 customer reviews

Product Details

  • Paperback: 528 pages
  • Publisher: Addison-Wesley Professional; 1 edition (Aug. 8 2002)
  • Language: English
  • ISBN-10: 0201761769
  • ISBN-13: 978-0201761764
  • Product Dimensions: 18.5 x 3 x 22.9 cm
  • Shipping Weight: 907 g
  • Average Customer Review: 4.6 out of 5 stars 10 customer reviews
  • Amazon Bestsellers Rank: #2,184,361 in Books (See Top 100 in Books)

Product Description

From the Inside Flap

"We're Secure, We Have a Firewall"

If only we got a nickel every time we heard a client utter this pithy phrase. On second thought, that would be unfortunate as we would probably not be writing this book; we'd be sipping Pina Coladas on some white sand beach by now... Is the web threat real? It's all too real.

To Err is Human

After performing hundreds of security reviews over the decades, the authors have known for some time what you are about to know (if you don't already): Nothing can be truly secure. Error is at the heart of every security breach and as the saying goes: to err is human. No level of firewall, intrusion detection system (IDS), or anti-virus software will make you secure. Surprised this type of comment introduces a security book? Don't be. It is the harsh reality that must be accepted before the race to security can be started.

So what should we do, just throw up our hands, turn the power off to our computers and revert back 30 years; forgetting this Internet or the modem or the computer really happened? Sure, you can do that but you would be alone in your efforts. The Internet and all it has to offer is undeniable: increased communication, increased information sharing, connecting with people of all races, creeds, colors, sexes, and intelligence without boundaries or limits. And that's just the home user's benefits. Businesses use the Internet 24 hours a day, 7 days a week, making revenue and transmitting funds around the world at the blink of an eye. Anyone who denies the ubiquity and staying power of the Internet is just kidding themselves.

Writing on the Wall

Over three years ago, one of the authors wrote a foreboding article that was indicative of things to come. The writing was on the security wall at that time but no one wanted to believe it, much less talk about it. They were too caught up in either hyped technologies such as Firewalls, IDS, and virtual private networks (VPN), or peripheral technologies that never hit mainstream, such as Public Key Infrastructure (PKI), Distributed Computing Environment (DCE), and single sign-on.

So why the tremendous interest in the Web and its security now? Because hacking events are frequent in today's connected world. And people are beginning to understand how a single vulnerability in a web application can expose an entire company's jewels to an attacker (a.k.a. Code Red and Nimda worms).

Book Organization

This book has been organized into four sections:

  • E-Commerce Playground
  • URLs Unraveled
  • How do they do it?
  • Advanced Web Kung Fu

The content in each section gets progressively more advanced in its content and delivery, going from a brief web languages introduction (Chapter 1) to finding and exploiting your own buffer overflows (Chapter 14). But don't let the pace derail your learning. If you missed something, you can probably pick it up as you go along.

    The first two sections are focused to give the reader a preliminary and then more intermediate introduction into the world of the web. In "E-Commerce Playground" we show you how the web works, its languages, applications, databases, protocols, and syntax. In "URLs Unraveled", we delve into the meaning of the URL, what is important to an attacker, how visible code can be helpful to an attacker, and we show you how mapping web sites can be critical to an attacker's repertoire.

    In the third section, "How do they do it?" we demystify the art of web hacking, how it is pulled off, and how simple steps at development time can eliminate a significant portion of the threat. This section is by far the meatiest of the sections in terms of information and often provides the greatest clues as to how hackers do what they do. Each chapter provides both a detailed analysis of the hack as well as a countermeasure section at the end which helps prevent the hack.

    In the fourth section, "Advanced Web Kung Fu," we discuss some advanced web hacking concepts, methodologies, and tools that simply cannot be missed.

    Finally, at the end of the book you will find Appendices that include a listing of common web ports on the Internet, cheat sheets for remote command execution and source code disclosure techniques, among other additions.


    From the Back Cover

    "Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..."
    --From the Foreword by William C. Boni, Chief Information Security Officer, Motorola
    "Just because you have a firewall and IDS sensor does not mean you are secure; this book shows you why."
    --Lance Spitzner, Founder, The Honeynet Project
    Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense.

    Features include:

    • Overview of the Web and what hackers go after
    • Complete Web application security methodologies
    • Detailed analysis of hack techniques
    • Countermeasures
    • What to do at development time to eliminate vulnerabilities
    • New case studies and eye-opening attack scenarios
    • Advanced Web hacking concepts, methodologies, and tools

    "How Do They Do It?" sections show how and why different attacks succeed, including:

    • Cyber graffiti and Web site defacements
    • e-Shoplifting
    • Database access and Web applications
    • Java™ application servers; how to harden your Java™ Web Server
    • Impersonation and session hijacking
    • Buffer overflows, the most wicked of attacks
    • Automated attack tools and worms

    Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques.

    Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks.



    Customer Reviews


    Top Customer Reviews

    Format: Paperback
    This no-fluff book weighs in at just under 500 pages that are guaranteed to quell any feelings of complacency you may have about the safety of your website. One of the gnawing concerns I live with is that my website will be hacked. I can't say this book made me feel better about that fear, but it brought to light a number of things to talk to my people about. Using real-world examples, it explains the kinds of openings hackers look for, and the ways they exploit those openings to do their damage. In some senses, this book is not just a warning, it is also a how-to for Internet security.
    The general premise of this book is that no one is safe from attack, and if you're not already a victim, that's only a matter of your good luck so far. Read this book. Study it carefully. Keep it on the nearest, most convenient bookshelf. New kinds of attacks are being developed all the time. But this book will prepare you for what's out there so far, and give you some insight into the kinds of things to watch for in the future.
    Format: Paperback
    Web Hacking: Attacks and Defense is quite similar to 'Hacking Exposed Web Applications' by Joel Scambray & Mike Shema.
    Both Hacking Exposed Web Applications and Web Hacking: Attacks and Defense will clearly open one's eyes to the risks of web hacking. Forgetting for a minute the myriad vulnerabilities that affect many software products (including Windows, Apache, ColdFusion, and more), both books show how poorly written software, and misconfigured web servers make the penetration of web servers child's play.
    Both books provide step-by-step instructions in an easy to read style for hardening web servers against attack. For those that have read previous and are comfortable with books in the Hacking Exposed series, Hacking Exposed Web Applications uses the same easy to read and well organized style. Web Hacking: Attacks and Defense has almost the same amount of content, but is written in a slightly more technical manner.
    Both books clearly explain how hackers gather information, acquire targets, gain control, and afterwards cover their tracks. Anyone interested in ensuring their web servers are secured should definitely read these books.
    Both books have a lot of value even for those who are not so security conscious. For those with an interest in security, one's eyes will be open to the myriad places where vulnerabilities lie, from software, to scripts, mark-up files, and more. Anyone concerned with web server security should definitely read these books, or at least ensure their system administrators do.
    Format: Paperback
    "Web Hacking: Attacks and Defenses" is a book that shows how, and in some cases why, web platforms are compromised. In addition to explaining common methods to victimize web systems, the authors provide a basic background on web technologies. Combined with integrated case studies, "Web Hacking" stands as a strong introduction to the art and science of attacking web platforms.

    "Web Hacking" offered several appealing aspects, and several disappointing drawbacks. On the positive side, I found the numerous tables very helpful. These included lists of ISAPI filters, MS SQL stored procedures, form elements, and other web technology items. The authors also share their methodology for assessing web platforms, simulating their checklists and evaluation matrices. The appendices were appreciated as well.

    On the negative side, "Web Hacking" suffers from subtle typos. This can be beyond the authors' control, but annoying nevertheless. For example, 0x11111111 is 255 decimal, not 256 as shown on page 371. More troubling was the authors' repeated criticisms of network based intrusion detection systems. While NIDS are not perfect, they do serve purposes the authors don't seem to appreciate. Encryption may prevent NIDS from collecting the content of a session, but what if we only care to collect transactional data summarizing that session?

    Incidentally, Barnaby Jack's work on the buffer overflow section (chapter 14) was worth reading. Overall, "Web Hacking" belongs on your bookshelf, although many may find "Hacking Exposed: Web Applications" to be more comprehensive.
    Format: Paperback
    So you heard all this hype on Web Hacking, and want to know more about this matter.
    Well, if you think about the web as an e-commerce platform, then just buy 'Web Security, Privacy & Commerce' by Garfinkel and Spafford, an excellent and classic book.
    Are you interested in 'pure hacking'? I mean 'perl scripts', cross site and traversal attacks, hackers' jargon, and all the related issues... then buy 'Hacking Web Applications Exposed' by Scambray and Shema. Excellent book too, and excellent authors. But beware, it is not for newbies. You MUST have a lot of background to fully understand the attacks.
    Now, what about an easier generic book, covering the same issues as the others but in a step by step and kinder way? A book to start from zero, but leading to understand all the currently related themes. Well, if this is what you want, then 'Web Hacking' is your book. It covers all that needs to be covered in this area. In an easy and well structured way. The reading is very light and the authors' 'breakdown' of the matter makes the contents very intuitive.
    The book is structured into four main sections (covering the same areas as the previously referred books):
    ** The E-commerce Playground
    ** URLs Unraveled
    ** How Do They Do It?
    ** Advanced Web Kung Fu
    It also includes several interesting appendixes (especially useful is the 'cheat sheet' appendix).
    A lot of simple case studies (of the kind 'Bob and Alice') are presented as well as some more technical analyses (Code Red, Nimda etc.)
    If I were to select a book as a reference for a first course on web security, 'Web Hacking' would be my choice. Definitively.