Kindle price: EUR 24.00 incl. VAT
Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast, Kindle Edition
by Paco Hope and Ben Walther


Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic, perfect for integrating into your regular test suite.

Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you:

  • Obtain, install, and configure useful (and free) security testing tools
  • Understand how your application communicates with users, so you can better simulate attacks in your tests
  • Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
  • Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.
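The kind of repeatable test the blurb describes, as an added illustration that is not code from the book (whose recipes use curl, Perl, bash and browser tools rather than Python): a constructed, deliberately flawed WSGI shop, an in-process client that builds the request the way a browser would, and two checks that first script the login and then (a) tamper with a hidden price field and (b) submit a unique harmless probe to see whether it is reflected as raw markup. Everything here is made up for the example: make_app, call, login, hidden_price_is_trusted, reflects_unescaped, the /login, /checkout and /search routes and the alice/s3cret credentials.

```python
import html
import io
import secrets
from urllib.parse import parse_qs, urlencode

CATALOGUE_PRICE = 100  # what the server should charge regardless of the form


def make_app(escape_output=False, trust_hidden_price=True):
    """Constructed WSGI shop (not a real product). The defaults give the
    vulnerable variant: the hidden 'price' field is trusted and the 'q'
    parameter is reflected without escaping."""
    sessions = {}  # session id -> user name

    def app(environ, start_response):
        path, method = environ["PATH_INFO"], environ["REQUEST_METHOD"]
        cookies = dict(c.strip().split("=", 1)
                       for c in environ.get("HTTP_COOKIE", "").split(";") if "=" in c)
        if method == "POST":
            size = int(environ.get("CONTENT_LENGTH") or 0)
            raw = environ["wsgi.input"].read(size).decode()
        else:
            raw = environ.get("QUERY_STRING", "")
        form = {k: v[0] for k, v in parse_qs(raw).items()}
        headers = [("Content-Type", "text/html; charset=utf-8")]

        if path == "/login" and method == "POST":
            if form.get("user") == "alice" and form.get("pass") == "s3cret":
                sid = secrets.token_hex(16)
                sessions[sid] = "alice"
                headers += [("Set-Cookie", f"sid={sid}; HttpOnly"), ("Location", "/shop")]
                start_response("302 Found", headers)
                return [b""]
            start_response("401 Unauthorized", headers)
            return [b"bad credentials"]
        if cookies.get("sid") not in sessions:
            start_response("401 Unauthorized", headers)
            return [b"login required"]
        if path == "/checkout" and method == "POST":
            # Flaw 1 (when trust_hidden_price): the client decides the price.
            price = int(form.get("price", CATALOGUE_PRICE)) if trust_hidden_price else CATALOGUE_PRICE
            start_response("200 OK", headers)
            return [f"charged {int(form.get('qty', '1')) * price}".encode()]
        if path == "/search":
            # Flaw 2 (when not escape_output): raw reflection of user input.
            q = form.get("q", "")
            start_response("200 OK", headers)
            return [f"results for {html.escape(q) if escape_output else q}".encode()]
        start_response("404 Not Found", headers)
        return [b"not found"]

    return app


def call(app, method, path, form=None, cookies=None):
    """In-process client: build a WSGI environ, return (status, headers, body)."""
    encoded = urlencode(form or {})
    body = encoded.encode() if method == "POST" else b""
    environ = {
        "REQUEST_METHOD": method,
        "PATH_INFO": path,
        "QUERY_STRING": encoded if method == "GET" else "",
        "CONTENT_TYPE": "application/x-www-form-urlencoded",
        "CONTENT_LENGTH": str(len(body)),
        "HTTP_COOKIE": "; ".join(f"{k}={v}" for k, v in (cookies or {}).items()),
        "wsgi.input": io.BytesIO(body),
    }
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers

    out = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), out.decode()


def login(app):
    """Phase one of every multi-step test: authenticate and keep the cookie."""
    status, headers, _ = call(app, "POST", "/login", {"user": "alice", "pass": "s3cret"})
    assert status.startswith("302"), status
    sid = headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    return {"sid": sid}


def hidden_price_is_trusted(app):
    """True if a tampered hidden field changed what the server charged."""
    cookies = login(app)
    _, _, body = call(app, "POST", "/checkout", {"qty": "1", "price": "1"}, cookies)
    return body == "charged 1"


def reflects_unescaped(app):
    """True if a unique, harmless probe comes back as raw markup (an XSS sink)."""
    cookies = login(app)
    probe = f"<zz{secrets.token_hex(4)}>"  # unique, so it cannot match page text
    _, _, body = call(app, "GET", "/search", {"q": probe}, cookies)
    return probe in body


if __name__ == "__main__":
    for label, app in (("vulnerable", make_app()),
                       ("hardened", make_app(escape_output=True, trust_hidden_price=False))):
        print(label, "price tamper:", hidden_price_is_trusted(app),
              "reflected xss:", reflects_unescaped(app))
```

The two checks return booleans rather than printing, so they drop straight into a unit or regression suite; the probe uses a marker that cannot occur naturally in the page, which is what keeps a reflection test from producing false positives on real content.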


"Web Security Testing Cookbook" gives developers and testers the tools they need to make security testing a regular part of their development lifecycle. You'll find recipes related to manual, exploratory testing as well as recipes for automated security testing that you can make part of your regression cycle. The recipes cover the basics, like observing messages between clients and servers, through to multi-phase tests that script the login and execution of web application features. This book provides developers the techniques they need to consider security in their unit tests. Testers will find a wealth of techniques for building web security test cases and executing them. "Web Security Testing Cookbook" also leverages free tools, and not only because they save you considerable expense: in security, perhaps more than in any other specialized discipline, the best tools tend to be free.

The book offers recipes in four sections to help you:

  • learn the basic concepts needed to develop tests, and obtain and set up the tools you'll use;
  • automate tools and scripts to test a web application in a systematic way;
  • learn methods to bypass client-side input validation for various purposes, such as SQL injection, cross-site scripting, and manipulating hidden form fields;
  • focus on the session by finding identifiers, analyzing how predictable they are, and manipulating them with tools.

This practical book focuses on how to test web applications - not what web security consists of or why developers should test. Leverage the recipes to add significant security coverage to your testing without adding significant time and cost to your effort.
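The last of those four sections, analyzing how predictable session identifiers are, as an added example that is not from the book: a toy version of what the session-ID analysis in a proxy such as WebScarab does. Two generators are constructed for comparison, a weak counter-based one and one using the OS CSPRNG; the analysis takes the identifiers in the order they were observed and reports duplicates, whether they increase monotonically or by a constant step, and a per-position Shannon entropy estimate. The names weak_session_id, strong_session_id, positional_entropy_bits and analyze_session_ids are assumptions for this example.

```python
import math
import secrets
from collections import Counter


def weak_session_id(n, base=0x5F3E1A00, step=17):
    """Constructed weak generator: a counter with a fixed step, hex-encoded.
    The n-th identifier is fully predictable from any earlier one."""
    return f"{base + n * step:08x}"


def strong_session_id():
    """128 bits from the OS CSPRNG, the way a framework should generate them."""
    return secrets.token_hex(16)


def positional_entropy_bits(ids):
    """Sum over character positions of the Shannon entropy of the symbol seen
    there. Correlations between positions can only lower the true entropy, so
    treat this as an optimistic estimate. All ids must have the same length."""
    n = len(ids)
    total = 0.0
    for pos in range(len(ids[0])):
        counts = Counter(i[pos] for i in ids)
        total += -sum(c / n * math.log2(c / n) for c in counts.values())
    return total


def analyze_session_ids(ids):
    """Predictability indicators for hex ids listed in the order observed."""
    values = [int(i, 16) for i in ids]
    deltas = [b - a for a, b in zip(values, values[1:])]
    return {
        "samples": len(ids),
        "duplicates": len(ids) - len(set(ids)),
        "monotonic": all(d > 0 for d in deltas),      # each id larger than the last
        "constant_step": len(set(deltas)) == 1,       # a plain counter
        "entropy_bits": round(positional_entropy_bits(ids), 1),
    }


if __name__ == "__main__":
    weak = [weak_session_id(n) for n in range(200)]
    strong = [strong_session_id() for _ in range(200)]
    print("weak  :", analyze_session_ids(weak))
    print("strong:", analyze_session_ids(strong))
```

With 200 samples the weak generator scores well under 16 bits (only the low hex digits ever change) and is flagged as a constant-step counter, while 200 CSPRNG identifiers score over 100 bits and show no ordering. Collect real identifiers by logging in repeatedly through an intercepting proxy and feed them to analyze_session_ids in capture order; a monotonic or constant-step result means another user's session can be guessed from your own.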


  • Format: Kindle Edition
  • File size: 4254 KB
  • Print length: 314 pages
  • Simultaneous device usage: Unlimited
  • Publisher: O'Reilly Media; 1st edition (14 October 2008)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B0026OR3FI
  • Text-to-Speech: Enabled
  • Word Wise: Not enabled
  • Enhanced typesetting: Not enabled
  • Average customer rating: no reviews yet
  • Amazon Bestsellers Rank: #827,573 Paid in Kindle Store

Most helpful customer reviews (beta; may include reviews from the "Early Reviewer Rewards" program): 3.7 out of 5 stars, 13 reviews
4 of 4 customers found the following review helpful
3.0 out of 5 stars: not bad, but overrated (23 September 2011)
By B. St Pierre - Published on
Format: Paperback | Verified Purchase
I bought this book on the strength of other reviews, and I'm a bit disappointed. It's useful, but not worthy of 5 stars.

The book is structured like the other "Cookbook" titles from O'Reilly. Each chapter has a series of "recipes" that describe a problem, present a solution, and have some discussion about the issue. It's unclear exactly who the target audience is.

Some of the recipes are very basic -- this is good if you've got very little experience working with tools like curl or wget, but not worth much if you've seen these and know how to read the man pages for these tools to find the flag you're looking for. Recipes like these lead me to believe that the audience for the book includes people who are very new to web technologies.

Other recipes are meaty enough -- there are several recipes that have page-long perl or bash scripts to automate (for example) the hunt for XSS vulnerabilities.

But then again, I can't see how a rookie web tester can possibly get through the book without a lot of head scratching. While vulnerabilities like cross-site scripting (XSS) and SQL injection are mentioned frequently, they are never defined, and their mechanism of operation is never clearly laid out. This leads me to believe that the target audience is people with at least an intermediate-level understanding of what these attacks mean, how they are performed, and what happens behind the scenes.

I was disappointed to see a couple of serious errors after only browsing through the recipes for an hour or so. For example, on page 90 the authors state that on Unix/Linux systems, filenames can contain slashes. This is incorrect: slashes are the only non-NUL character *not* allowed in a Linux filename. Verifying this fact only takes about two minutes of web searching.

Throughout the entire book, the authors conflate the "HTML source" with the "source code" of the web application. This is unnecessarily confusing. The "source code" would be the PHP, python, javascript, etc that the client and server sides of the application are coded in. The "HTML source" is simply the HTML that is displayed on particular pages. Examining the HTML source is useful for many things, as they show in various recipes. Examining the "source code" would be an even more productive means of finding flaws in the application, if this is available to you as a tester. (None of the recipes discuss examining the source code, beyond the idea that comments from the source code that leak into the HTML source may give useful hints about internal behavior of the application.)

Some recipes, like "5.8 Uploading Files with Malicious Names" are too shallow. They mention XSS and SQL injection, which are a concern. But they don't discuss directory traversal or code injection in any depth. There's a bear trap icon with a brief sidebar to hint at other possible problems, but this topic could have had another three or four recipes dedicated to it.

Some topics, like SQL Injection, are not sufficiently discussed. SQL injection, while an important web application security topic, is not covered directly by any particular recipe. It is mentioned in passing in a handful of other recipes, but it does not get the attention it deserves.

This *could* be a great book if they figured out the target audience a little better, got rid of the fluff recipes, got rid of some of the gratuitous (and useless) screen shots, and expanded the depth of coverage of some key topics. But it's not all bad -- it's relatively well structured, and I did learn a few new things. At $40 list price I'd pass, at the 40% or so discount on Amazon it's not a bad resource.

If you want to buy a better version of this book, see How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Book & CD. It's written with a similar formula, but is much better executed. (That text explains SQL injection in detail as well as how to perform SQL injection attacks, for example.)
1 of 1 customers found the following review helpful
2.0 out of 5 stars: Two Stars (2 April 2017)
By Rajin K. - Published on
Format: Paperback | Verified Purchase
Kind of outdated
6 of 6 customers found the following review helpful
5.0 out of 5 stars: Truly Useful book (3 January 2010)
By Ron G - Published on
Format: Paperback | Verified Purchase
This is one of those few books on my bookshelf that I find myself returning to time and time again. My copy is marked, annotated, labeled, etc., so on and so forth. It is indispensable if you work in the industry and IMHO outshines the much larger tome "The Web Application Hacker's Handbook". Of particular importance to Web Engineers is also Appendix E found in the book "Sockets, Shellcode, Porting & Coding".

Thanks again Paco, excellent book. Please let us know of the second edition as I will definitely pre-order without a doubt.
1 of 2 customers found the following review helpful
4.0 out of 5 stars: good book but not for software developers (28 August 2012)
By David S. James - Published on
Format: Paperback | Verified Purchase
The title of the book should be 'Lockpicking for dummies'. This book is not dedicated to software developers. The writer is stuck in the middle between simplicity and complexity. He may use a couple of pages to explain such obvious things as 'only the client can send requests to the server and not vice versa', 'how to decode a base64 string' or 'step-by-step instructions on how to install a Firefox add-on' (I agree, it's so complicated you may miss the 'yes' button, but do not worry, they added a screenshot). At the same time, he may ask you to install Apache or Perl on your PC. The whole instruction is: a URL and 'download and install it'.

As for the book, you can easily recycle the first 30% of the book.

The first chapter is dedicated to those who like to 'show off' by using professional terms in conversation instead of doing their job (e.g. if one wants to impress his/her boss with his/her theoretical knowledge).

The second chapter contains just a couple of useful words (yes, words, not a paragraph): two names of hacker tools you may use for diagnostic purposes; the rest will be repeated in the 3rd chapter and in the rest of the book.

The third chapter explains each Firefox add-on separately. What was the reason for separating it, if you will learn that in the next chapters on practical examples? :)

The fourth chapter explains the basics: how to encode a URL, what base64 or a hidden field is. One who has decided to become a tester should have basic knowledge of software development; otherwise it is better to buy a program and do automatic tests. I think you will be interested only in the part which gives some idea about the WebScarab tool, which will be used later.

As a conclusion: the book is good for beginner hackers.
5.0 out of 5 stars: It's good, I learned more about security from this (2 November 2015)
By Ahmad - Published on
Format: Paperback | Verified Purchase
It's good, I learned more about security from this book