Web Security Testing Cookbook
Systematic Techniques to Find Problems Fast
Publisher: O'Reilly Media
Final Release Date: October 2008
Pages: 314

Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you:

  • Obtain, install, and configure useful-and free-security testing tools
  • Understand how your application communicates with users, so you can better simulate attacks in your tests
  • Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
  • Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.

Table of Contents
Product Details
About the Author
Recommended for You
Customer Reviews


by PowerReviews
oreillyWeb Security Testing Cookbook

(based on 1 review)

Ratings Distribution

  • 5 Stars



  • 4 Stars



  • 3 Stars



  • 2 Stars



  • 1 Stars



Reviewed by 1 customer

Displaying review 1

Back to top

(4 of 4 customers found this review helpful)


Excellent - Very Practical, Comprehensive

By jdruin

from Undisclosed

Comments about oreilly Web Security Testing Cookbook:

As to practical, real-world web testing, this is the best so far.

This book is one of the first I have seen that combines 3 aspects of web testing to make it practical for real-world use.

1) Comprehensiveness

The book covers several types of web testing that hit all the high points.

Tools to use

Initial page analysis (source, input fields, etc)


Modification of input

Automated scanning and pen testing



2) Repeatable

The methods used are repeatable. A pen tester can utilize the steps and the order to build up a practical testing methodology that can be used on many different web applications.

3) Automatable

The authors have many scripts included in the text that testers can use immediately to help automate the testing. The scripts are written in Perl and other common scripting languages that are all free of charge. The scripts all appear to be relatively easy to modify to suit various needs.

The material is presented in an easy to read format. The authors keep it simple and to the point. That being said, they do assume the reader knows basic concepts of how web applications and browsers work but non-techies should have no trouble following the examples.

That being said, the book is relatively short (~250+ pages). The material is covered well without wasting pages on filler, yet still highlights the key areas of web apps that need to be checked.

Displaying review 1

Back to top

Buy 2 Get 1 Free Free Shipping Guarantee
Buying Options
Immediate Access - Go Digital what's this?
Ebook:  $31.99
Formats:  DAISY, ePub, Mobi, PDF
Print & Ebook:  $43.99
Print:  $39.99