Showing posts with label Cyber Security Book Reviews. Show all posts
Showing posts with label Cyber Security Book Reviews. Show all posts

Thursday, October 11, 2012

Book Review: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws


I just read the Dafydd Stuttard's 2nd edition of The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. I've read many book on penetration testing. But this one takes the lead as far as securing your web applications go.

 I'm going to start by comparing it to the first. The first book on Web Application hacking, The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard was already on a class of its own. During that time, I was just a real beginner. I still am, there's no doubt about it. But during that time, I didn't know squat about information security. Still, I learned a lot. I grappled a bit with the concepts and searched on Google more than a couple of times. But I realld id learn a lot. I also tried applying the concepts by using virtual machines - I had a vulnerable web application on the Apache web server, which I installed on a Linux virtual machine in VMWare. It was a real struggle. But I made it through the fire.


The second book which has a slightly different title, The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, raised the bar even higher. Having learned my lesson from the first book, I just have to say that this is also really intended for intermediate to advanced practitioners of web application security. If you're a beginner like me, then you will have to undergo the same struggles I took to learn from the first book. It has enough coverage but it also breaks the topics even further down. But you have to know your stuff. The author doesn't just shallowly jump around various topics like other books do.



Below are new topics included in this 2nd edition which differ from the first book (as mentioned in Amazon):

  • Discover how cloud architectures and social networking have added exploitable attack surfaces to applications
  • Leverage the latest HTML features to deliver powerful cross-site scripting attacks
  • Deliver new injection exploits, including XML external entity and HTTP parameter pollution attacks
  • Learn how to break encrypted session tokens and other sensitive data found in cloud services
  • Discover how technologies like HTML5, REST, CSS and JSON can be exploited to attack applications and compromise users
  • Learn new techniques for automating attacks and dealing with CAPTCHAs and cross-site request forgery tokens
  • Steal sensitive data across domains using seemingly harmless application functions and new browser features



So if you really want to learn something about web application hacking and if you have the tenacity to research on topics that seem unclear. Then go for The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. You won't just gain the top-level familiarity often provided by most security books. You will surely learn the skills needed to hack web applications. Guaranteed. That's why even seasoned veterans would even but for this awesome reference.

 I would definitely recommend getting this to beef up your knowledge arsenal on web application security.