
Thread: The Web Application Hacker's Handbook




The Web Application Hacker's Handbook
user name
2007-10-22 13:24:08
The Web Application Hacker's Handbook has just been published (in the US at least - the rest of the world catches up shortly).

Co-authored by PortSwigger (creator of Burp), this book aims to be the most deep and comprehensive general purpose guide to hacking web applications that is currently available.

The book is highly practical in focus, and describes in detail the steps involved in detecting and exploiting all kinds of web application security flaws. The coverage is broad, from easy attacks like password guessing through to advanced techniques like blind code injection, reversing client-side components, and uncovering subtle logic flaws. Each topic is illustrated using real-world examples, screen shots and code extracts.

In addition to specific vulnerabilities, the book describes numerous techniques such as mapping an application's attack surface, leveraging automation to speed up customised attacks, and finding security bugs in source code. It also includes a comprehensive methodology for performing web application penetration tests.

You can view the full table of contents and read some extracts from the book here:

http://www.amazon.com/dp/0470170778

Cheers,
PortSwigger



