I received some great news today. I got an email from Dafydd Stuttard (aka PortSwigger) that his upcoming book “The Web Application Hacker’s Handbook” (in conjunction with Marcus Pinto) is coming along nicely, as evidenced by the table of contents. I’m really looking forward to this book. I pre-ordered this one at the end of July. By sheer happenstance, Daf turned out to be one of my instructors at Black Hat.
Here is a synopsis of the book from Amazon:
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.
The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
Now the other nugget of information that he was good enough to share is that he is hard at work on the next version of the Burp Suite. What is Burp you say? Well,
Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web application. All plugins share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.
Basically, it’s what Paros Proxy could have been if it were still maintained and then some. The new version of Burp Suite should be out soon.
Support Marcus and Daf and BUY THE BOOK
Tags: PortSwigger, Web Application Hackers Handbook, Burp Proxy