3 Review(s)

The Web Application Hacker's Handbook: Finding And Exploiting Security Flaws has been designed for budding computer enthusiasts who intend to go deeper into the ever changing world of web applications and their vulnerabilities. Summary Of The Book Today, everyone is obsessed with connectivity, and more applications are becoming web based. This has led to more people having access to information available all over the world using real time capabilities, data sharing, and online updates. But, this also exposes people to a range of vulnerabilities, mainly hackers. Once security is compromised, the unsuspecting user is prone to jeopardising personal information, account details, online transaction details, and is completely is at the mercy of the hacker. The Web Application Hacker's Handbook: Finding And Exploiting Security Flaws aims at exposing the various flaws and vulnerabilities that the average web based application contains. The authors explain the various categories of vulnerabilities and security flaws using real-world examples, screenshots, and code extracts. It covers a host of online applications like online banking and e-commerce. The book also encompassses topics like Remoting Frameworks, Cross Domain Integration Techniques, Framebusting, and Hybrid File Attacks. The different topics covered range from injecting code to bypassing various login mechanisms, exploiting intricate logic flaws, and how to compromise other users. As every application is designed and programmed differently, all of them have to be tackled in a different way, but the general principle and methodology remains the same. The book also contains various potential hacking methodologies, designed to explore the various vulnerabilities an application may be exposed to, and also the possible countermeasures. There is also a website provided so that the reader may practice and check the various methods described in the book. The Web Application Hacker's Handbook: Finding And Exploiting Security Flaws describes a tried and tested methodology that encompasses both the power of human intelligence and pinpoint computerized precision, with deadly results. About The Authors Marcus Pinto is an accomplished security expert. He writes extensively on online security, hacking methodologies, and web based applications security. Pinto runs a security consultancy which trains people on web application attack plus defense to cater to leading organisations in a variety of sectors like financial, gaming, retail, and many others. He along with Dafydd Stuttard co-founded MDSec, which is a consulting firm providing training on attack and defence based security. Dafydd Stuttard is a leading expert on web based applications security. Stuttard specializes in the penetration testing phase of web based applications and other compiled software. He is also an author, software developer, and independent security consultant. Stuttard also founded Burp Suite under the alias ‘PortSwigger’, which describes a number of hacking tools.