The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

Hack the planet

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This innovative book shows you how they do it.

This is hands-on stuff. The authors, recognized experts in security testing, take a practical approach, showing you the detailed steps involved in finding and exploiting security flaws in web applications. You will learn to:

  • Defeat an application's core defense mechanisms and gain unauthorized access, even to the most apparently secure applications
  • Map attack surfaces and recognize potential entry points
  • Break client-side controls implemented within HTML, Java®, ActiveX®, and Flash®
  • Uncover subtle logic flaws that leave applications exposed
  • Use automation to speed up your attacks, with devastating results
  • Delve into source code and spot common vulnerabilities in languages like C#, Java, and PHP

Know your enemy

To defend an application, you must first know its weaknesses. If you design or maintain web applications, this book will arm you with the protective measures you need to prevent all of the attacks described. If you're a developer, it will show you exactly where and how to strengthen your defenses.

Additional resources online at www.wiley.com/go/webhacker

  • Source code for scripts in this book
  • Links to tools and resources
  • Checklist of tasks involved in attacking applications
  • Answers to the questions posed in each chapter
  • A hacking challenge prepared by the authors

About the Author

Dafydd Stuttard is a Principal Security Consultant at Next Generation Security Software, where he leads the web application security competency. He has nine years’ experience in security consulting and specializes in the penetration testing of web applications and compiled software.
Dafydd has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to several software manufacturers and governments to help secure their compiled software. Dafydd is an accomplished programmer in several languages, and his interests include developing tools to facilitate all kinds of software security testing.
Dafydd has developed and presented training courses at the Black Hat security conferences around the world. Under the alias “PortSwigger,” Dafydd created the popular Burp Suite of web application hacking tools. Dafydd holds master’s and doctorate degrees in philosophy from the University of Oxford.

Marcus Pinto is a Principal Security Consultant at Next Generation Security Software, where he leads the database competency development team, and has led the development of NGS’ primary training courses. He has eight years’ experience in security consulting and specializes in penetration testing of web applications and supporting architectures.
Marcus has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to the development projects of several security-critical applications. He has worked extensively with large-scale web application deployments in the financial services industry.
Marcus has developed and presented database and web application training courses at the Black Hat and other security conferences around the world. Marcus holds a master’s degree in physics from the University of Cambridge.
