- Paperback: 768 pages
- Publisher: John Wiley & Sons; Edition: 1st edition (October 19, 2007)
- Language: English
- ISBN-10: 0470170778
- ISBN-13: 978-0470170779
- Size and/or weight: 18.8 x 4.1 x 23.4 cm
- Amazon Bestsellers Rank: No. 219,176 in Foreign Language Books
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (English) Paperback – October 19, 2007
This book is available in a new edition.
"If you have an interest in web application security, I would highly recommend picking up a copy of this book, especially if you’re interested in being able to audit applications for vulnerabilities".
—Robert Wesley McGrew, McGrew Security
Most helpful customer reviews on Amazon.com
Get the book if you are not keen on vulnerable cookie-cutter code and hacker-prone pages.
The "take away" from this book is that a site author has to take a system-wide look at the site -- particularly if there is an interaction between the visitor and the server.
The book looks at the spectrum of tools available to inspect, analyze and even alter the data flowing between the visitor's browser and the site's server. It doesn't take long to realize that if someone has the tools and wants to spend the time practically any transaction between a browser and server is vulnerable.
OK, if you've read this far you already appreciate the value of defensive programming to make software maintainable. What this book gives you is solid examples of what you have to look out for. There are the obvious blunders like stashing key variables in cookies where the hacker can diddle them. But there are subtleties like how an SSI error message can guide a hacker script to discover an ID or password.
Anyway, enough ranting about the state of the industry and on to this book. I have a large bookshelf of security books - many in pristine condition. This one is well worn and dog-eared as it gets a lot of use. It works equally well read from cover to cover and as a future reference. Read in sequence, it is logical and introduces concepts in layers that build understanding on various topics. The chapter breakdown is also very well thought through - attacking client-side controls, authentication schemes, session management, code injection etc. As a reference, it provides thorough coverage describing how a class of exploit works, ways of exploiting it and ways of defending it. The coverage on XSS is the best I have seen in any one reference (you can certainly find all of the info on the net, but this book will save you a lot of time).
I just noticed that there is a v2 of this book. Assuming it is the same quality as the original, I would recommend that as this is now a little dated. That said, I see many of the flaws covered in this book are still highly relevant today, but the tools have moved on a bit since then. If however you bought v1, you would not be disappointed.