on 1 September 2013
There are two issues coming along with this book, which actually should be kept in mind before buying:
1. The authors heavily promote BURP suite (developed by one of the authors) to be used as THE tool for web application testing. However, most of the described functionality is online available with BURP suite Pro, which can be bought for a nice 249 bucks with a single user license.
2. The authors "gently" provide only labs, where one is advised to test the various described attacks. However, as is the case with BURP suite, this does not come without additional costs...
The bottom line: the book does not contain real insight knowledge (use Google and you will acquire the same knowledge, probably in a more readable and technical manner). What it contains are numerous ads for BURP suite and attempts to get more money from you! Stay away from buying and do what a researcher does: research already available sources of knowledge, i.e., the Internet and its numerous discussion boards!
@Edit: The further you get in the book, the more yackety-yak it contains. The authors try to avoid conciseness by all means. Sometimes the book acts as counting sheep. Don't buy!
@@Edit: Maybe the authors also should try to get a little bit up to date and not use Windows 98 and IE 5.1 when showing a screenshot of a successful attack. This somehow makes them cockamamie...