WebApp Sec mailing list archives
[WEB SECURITY] The Web Application Hacker's Handbook
From: "PortSwigger" <mail () portswigger net>
Date: Mon, 22 Oct 2007 19:24:08 +0100
The Web Application Hacker's Handbook has just been published (in the US at least - the rest of the world catches up shortly). Co-authored by PortSwigger (creator of Burp), this book aims to be the most deep and comprehensive general purpose guide to hacking web applications that is currently available. The book is highly practical in focus, and describes in detail the steps involved in detecting and exploiting all kinds of web application security flaws. The coverage is broad, from easy attacks like password guessing through to advanced techniques like blind code injection, reversing client-side components, and uncovering subtle logic flaws. Each topic is illustrated using real-world examples, screen shots and code extracts. In addition to specific vulnerabilities, the book describes numerous techniques such as mapping an application's attack surface, leveraging automation to speed up customised attacks, and finding security bugs in source code. It also includes a comprehensive methodology for performing web application penetration tests. You can view the full table of contents and read some extracts from the book here: http://www.amazon.com/dp/0470170778 Cheers, PortSwigger ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405 -------------------------------------------------------------------------
Current thread:
- [WEB SECURITY] The Web Application Hacker's Handbook PortSwigger (Oct 24)