| This book is about Web Application Hacking. The world-renowned authors teach the reader to use publicly available tools to conduct thorough assessments of web application. This assessment process provides the reader with an understanding of Web application vulnerabilities and how they are exploited. The book goes on to teach the reader to detect, exploit, and ultimately prevent these vulnerabilities. Next, the authors cover advanced techniques of exploiting vulnerabilities such as SQL Injection, Arbitrary command injection, and more.
· Learn to defend Web-based applications developed with AJAX, SOAP, XMLPRC, and more.
· See why Cross Site Scripting attacks can be so devastating.
· Download working code from the companion Web site.
About the Author
Steve has 16 years of experience in the information technology industry. Steve has worked for several very successful security boutiques as an ethical hacker. Steve has found hundreds of previously undiscovered critical vulnerabilities in a wide variety of products and applications for a wide variety of clients. Steve has performed security assessments and penetration tests for clients in many diverse industries and government agencies. He has performed security assessments for companies in many different verticals such as the entertainment, oil, energy, pharmaceutical, engineering, automotive, aerospace, insurance, computer & network security, medical, and financial & banking industries. Steve has also performed security assessments for government agencies such as the Department of Interior, Department of Treasury, Department of Justice, Department of Interior, as well as the Intelligence Community. Steves findings have lead to the entire Department of Interior being disconnected from the Internet. Prior to being a security consultant Steve worked as a System Administrator, administering firewalls, UNIX systems, and databases for the Department of Defense, Department of Treasury, and the Department of Justice. Prior to that, Steve served 6 years in the United States Navy as an Electronics Technician. Steve has also written several security tools which have yet to be released publicly. Steve is also a member of the FBIs Infragard organization. |
