Hacking Web Apps
Detecting and Preventing Web Application Security Problems
By Mike Shema
Publisher: Elsevier / Syngress
Final Release Date: October 2012
Pages: 296

How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve.

Attacks featured in this book include:

• SQL Injection

• Cross Site Scripting

• Logic Attacks

• Server Misconfigurations

• Predictable Pages

• Web of Distrust

• Breaking Authentication Schemes

• HTML5 Security Breaches

• Attacks on Mobile Apps

Even if you don’t develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked—as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser – sometimes your last line of defense – more secure.

  • More and more data, from finances to photos, is moving into web applications. How much can you trust that data to be accessible from a web browser anywhere and safe at the same time?
  • Some of the most damaging hacks to a web site can be executed with nothing more than a web browser and a little knowledge of HTML.
  • Learn about the most common threats and how to stop them, including HTML Injection, XSS, Cross Site Request Forgery, SQL Injection, Breaking Authentication Schemes, Logic Attacks, Web of Distrust, Browser Hacks and many more.
Customer Reviews

Rating: 4.7 (based on 3 reviews)

Ratings distribution: 5 stars (2), 4 stars (1), 3 stars (0), 2 stars (0), 1 star (0). 100% of respondents would recommend this to a friend.

Reviewed by 3 customers

5.0 – Prepare to escape from your comfort zone

By dahla, from Ringsted, Denmark (About Me: Developer). Verified Reviewer.

Pros

  • Informational
  • Interesting
  • Well-written

Cons

Best Uses

  • Intermediate

Comments about oreilly Hacking Web Apps:

This book takes you on a rollercoaster ride, bringing you well out of your comfort zone thinking about your security and privacy on the web. Mike manages to show you some easily exploitable quirks that may exist in most likely any web application. Quirks that you need to know exist if you are a web developer.

Having developed various websites over the years, I knew of many of the entry points that could be used for hacking a website. Still, I was educated when I read through this book. Something as simple as sending a Null character to a website can sometimes wreak havoc if not managed properly. Also, using unexpected encodings can cause problems. I was not surprised by this, but had never thought it through earlier. It definitely made me reconsider my coding practices.

The chapter about wrecking the logical flow on a website was also very interesting, as it requires the developer of a site to be very certain about how state is managed. I think many sites might not handle this properly, so it is definitely a worthwhile read. Next time I'm testing a website, this is something I will focus on much more, as Mike manages to make it seem so easy to hack the website using no extraordinary tools but a browser.

Mike also introduces the concept of hacking a barcode scanner by creating various barcodes, which may produce SQL injections in the application managing the scanning. He also brings up the concept of QR tags, which can also be misused. This is also an area that should be considered properly when developing any app using real-world integration.

All in all, this is a book I can highly recommend. If you haven't read it already, then what are you waiting for… It doesn't matter if you are a developer or just a security- and privacy-concerned web user; this book should matter to you.

Disclaimer: I received a free electronic copy of this book as part of the O'Reilly Blogger Program

4.0 – Hacking Web Apps

By Mat, from Bentonville, AR (About Me: Sys Admin). Verified Reviewer.

Pros

  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Well-written

Cons

  • Too basic

Best Uses

  • Novice
  • Student

Comments about oreilly Hacking Web Apps:

The web is vulnerable. We all know this. Hacking Web Apps explores eight core areas of web applications with information needed for both attack and defense. Those are:

  • HTML5
  • XSS
  • CSRF
  • SQLi
  • Authentication
  • Abusing Design
  • Platform Weaknesses
  • Browser/Privacy Attacks

This book is NOT an in-depth technical manual for new exploitation techniques. Treat this book as a textbook providing academic content with some code samples and you'll be alright. The book provides some high-level attacks (and code) along with some humorous "epic fails" which tie into the topic at hand.

The one thing I really appreciated about this book was its mention of the defensive countermeasures associated with each attack, giving enterprise defenders knowledge of the attack, but also how the attack could be mitigated.

Your mileage with this book will vary depending on what you're looking for and your level of experience. If you're looking for an academic book with clear concepts and real-world history/notoriety of attacks, you can't go wrong with this book. If you're looking for a book more focused strictly on red-team tactics, then this book isn't for you.

5.0 – A must read for every developer

By Fabio Alessandro Locati, from Milan, Italy (About Me: Developer, Sys Admin). Verified Reviewer.

Pros

  • Accurate
  • Easy to understand
  • Helpful examples

Cons

Best Uses

  • Intermediate
  • Student

Comments about oreilly Hacking Web Apps:

Have you ever thought that the website you are developing or using is secure? Well, this book will make you change your opinion. This book will change your idea of security and therefore you'll start to see anything as "probably having some security glitch".

Mike Shema speaks about a lot of different kinds of attacks in his book in a really deep way, to the point that sometimes I wondered if he was planning to instruct people how to hack websites or only how to secure their own websites. The book often has code samples that allow a faster understanding of what the author is saying. Even if coding knowledge is not required, the ability to understand HTML, JS, SQL, PHP, Python and C++ speeds up the reading.

Somewhere in the introduction, the author declares that the book is good for different types of people, including executive-level management. Even if I agree with the author that this book has a wide audience, I don't agree about executive-level management being in the audience of the book, because I think it would be too specific and technical for a person with that kind of focus. I would mainly suggest this book to any developer that has not yet read it and to any project manager that has to deal with products that may expose security glitches.

Disclaimer: I received a free electronic copy of this book as part of the O'Reilly Blogger Program

Buying Options

Ebook: $49.95
Formats: ePub, Mobi, PDF