
More and more critical applications have now been migrated to the web. Meanwhile, the security of these apps has become a major challenge for all kinds of institutions. Know yourself as well as the enemy, and you can fight a hundred battles with no danger of defeat. Similarly, only by understanding the exploitable vulnerabilities that exist in web applications and the attack methods adopted by web attackers can we more effectively ensure the safety of our web apps.
The Web Application Hacker's Handbook can be thought of as the distilled experience of several famous web security experts. It systematically explains how to launch attacks and counterattacks on a web app, and analyzes the attack techniques, procedures and tools in depth. Overall, it is clearly organized with very detailed content; the authors cover almost every aspect of web attacks. This Second Edition is an overall upgrade that covers the latest attack techniques and solutions. It also lists hundreds of "Vulnerability Labs" to help readers consolidate what they have learned and practice hands-on.

Finally, The Web Application Hacker's Handbook is a rare and practical bible of attack and defense techniques, suitable for technical staff at all levels working in fields such as computer security, web development and management.
Table Of Contents
- Chapter 1 Web Application (In)security
- Chapter 2 Core Defense Mechanisms
- Chapter 3 Web Application Technologies
- Chapter 4 Mapping the Application
- Chapter 5 Bypassing Client-Side Controls
- Chapter 6 Attacking Authentication
- Chapter 7 Attacking Session Management
- Chapter 8 Attacking Access Controls
- Chapter 9 Attacking Data Stores
- Chapter 10 Attacking Back-End Components
- Chapter 11 Attacking Application Logic
- Chapter 12 Attacking Users: Cross-Site Scripting
- Chapter 13 Attacking Users: Other Techniques
- Chapter 14 Automating Customized Attacks
- Chapter 15 Exploiting Information Disclosure
- Chapter 16 Attacking Native Compiled Applications
- Chapter 17 Attacking Application Architecture
- Chapter 18 Attacking the Application Server
- Chapter 19 Finding Vulnerabilities in Source Code
- Chapter 20 A Web Application Hacker’s Toolkit
- Chapter 21 A Web Application Hacker’s Methodology
