The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 9781118026472 (1118026470), John Wiley & Sons, 2011

This book is a practical guide to discovering and exploiting security flaws in web applications. By “web applications” we mean those that are accessed using a web browser to communicate with a web server. We examine a wide variety of different technologies, such as databases, file systems, and web services, but only in the context in which these are employed by web applications.

If you want to learn how to run port scans, attack fi rewalls, or break into servers in other ways, we suggest you look elsewhere. But if you want to know how to hack into a web application, steal sensitive data, and perform unauthorized actions, this is the book for you. There is enough that is interesting and fun to say on that subject without straying into any other territory.

The highly successful security book returns with a new edition, completely updated

Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.

Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks

Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.

Comments

Amazing Books

Think Python

O'Reilly, 2012

In January 1999 I was preparing to teach an introductory programming class in Java. I had taught it three times and I was getting frustrated. The failure rate in the class was too high and, even for students who succeeded, the overall level of achievement was too low.

One of the problems I saw...

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

McGraw-Hill, 2011

This book has been developed by and for security professionals who are dedicated to working in an ethical and responsible manner to improve the overall security posture of individuals, corporations, and nations.

THE LATEST STRATEGIES FOR UNCOVERING TODAY'S MOST DEVASTATING ATTACKS

Thwart malicious network...

Gray Hat Python: Python Programming for Hackers and Reverse Engineers

No Starch Press, 2009

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through...

Programming Languages: Principles and Practices

Cengage Learning, 2011

Kenneth Louden and Kenneth Lambert's new edition of PROGRAMMING LANGUAGES: PRINCIPLES AND PRACTICE, 3E gives advanced undergraduate students an overview of programming languages through general principles combined with details about many modern languages. Major languages used in this edition include C, C++, Smalltalk, Java, Ada, ML,...

Windows Server 2012: Up and Running

O'Reilly, 2012

Windows Server 2012 is not only the most significant update to the Windows Server operating system in recent years, but it is also all about cloud computing and the underlying technology for building clouds: virtualization.

Many features familiar to administrators of Server 2008 R2 and other legacy...

Introduction to Java Programming, Brief Version (9th Edition)

Prentice Hall, 2012

This book teaches programming in a problem-driven way that focuses on problem solving rather than syntax. We make introductory programming interesting by using thought-provoking problems in a broad context. The central thread of early chapters is on problem solving. Appropriate syntax and library are introduced to enable readers to write...