
Archive for Books

Web Application Hacker’s Handbook Arrives


Great news! My copy of “The Web Application Hacker’s Handbook” has arrived. I have a cup of coffee in hand and it is pissing rain outside. The perfect setting to tuck into this book.


Metasploit Book Released, Minus James Foster


Well, the delay that I wrote about earlier this month is starting to show its reasoning. There is no sign of James Foster and the book is almost 100 pages shorter than is advertised on Amazon.

Product Details

* Paperback: 352 pages (actual 261)
* Publisher: Syngress; 1 edition (Aug 31 2007)
* Language: English
* ISBN-10: 1597490741
* ISBN-13: 978-1597490740
* Product Dimensions: 23.9 x 19.6 x 2 cm
* Shipping Weight: 454 g

So, what happened to James Foster’s contribution? Was there a falling out?

UPDATE: On a personal note, not impressed with this book.


The Book Store Is Now Open


Well, I have resurrected the Liquidmatrix Book Store. I took it down a couple years ago, but now it has returned. I need to pay the bills (shameless).

So, stop in and see if there is a book that you might be interested in. Also, if there are any that should be in the book store please let me know. It’s a growing endeavour and I’m open to suggestions.

Check out the Book Store.


Book: The Web Application Hacker’s Handbook


I received some great news today. I got an email from Dafydd Stuttard (aka PortSwigger) today that his upcoming book “The Web Application Hacker’s Handbook” (in conjunction with Marcus Pinto) is coming along nicely as evidenced by the table of contents. I’m really looking forward to this book. I pre-ordered this one at the end of July. By sheer happenstance Daf turned out to be one of my instructors at Black Hat.

Here is a synopsis of the book from Amazon:

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.

The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

Now the other nugget of information that he was good enough to share is that he is hard at work on the next version of the Burp Suite. What is Burp you say? Well,

Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web application. All plugins share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Basically, it’s what Paros Proxy could have been if it were still maintained and then some. The new version of Burp Suite should be out soon.

Support Marcus and Daf and BUY THE BOOK


Book: Metasploit Toolkit for Penetration Testing

When I read that Foster and Maynor were putting out a book I signed up August 6th. Then the problems started.

First there was this email from Amazon.

We wanted to let you know there’s a delay with one or more
items in the order you placed on August 06 2007 15:06 PDT
(Order# 123-1234567-1234567).

James Foster (Author), David Maynor (Author) “Metasploit Toolkit
for Penetration Testing, Exploit Development, and Vulnerability
Research” [Paperback]

That time I was told that the order would ship during the first week of September. No problem.

Then, I received this email.

Items not yet shipped:
Delivery estimate: Nov 8 2007 - Nov 9 2007

* 1 of: Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research

What’s going on? My finger is hovering over the cancel button.

Kidding.
