Book Review
The Web Application Hacker’s Handbook
By: Dafydd Stuttard and Marcus Pinto
Review By: Gamma 2Lt X2600

Logically, in order to defend a web application, you must first know its weaknesses. Today, in a world full of innovation and creative thought, new web applications are popping up left and right, and the vast majority of those applications are vulnerable to exploitation. The Web Application Hacker’s Handbook provides readers with a solid foundation of knowledge of the attacks most commonly used by malicious hackers. While reading, you will learn to:
- Search websites and analyze source code to find common vulnerabilities in programming technologies like C#, Java, Perl, and PHP
- Locate entry points for attacks
- Manually construct attacks
- Automate attacks
- Patch holes in vulnerable web applications
This book covers the basics of web application technologies, such as the HTTP protocol, client-side and server-side scripting technologies, and the basic encoding schemes used on the web. The reader is then introduced to the basics of hacking, with chapters on mapping web applications and bypassing client-side controls. Attack methodologies that involve injecting code, such as SQL injection and JavaScript injection (cross-site scripting, XSS), are also described in great detail. Later sections of the book deal with other mainstream vulnerabilities and with how to automate attacks to reduce the time it takes to exploit those vulnerabilities. Finally, a list of useful programs, called “A Web Application Hacker’s Toolkit,” is laid out. In short, this book not only teaches the techniques used by hackers to penetrate web application security, but also arms readers with the knowledge needed to prevent all of the attacks described, using step-by-step instructions that are detailed enough for a novice to understand! Whether you’re a web developer interested in safeguarding your websites against nefarious black-hats, or a rogue hacker answering the call to “HACK THE PLANET,” this book is a must-read.