D**E
Good reference, inadequate textbook
This book is a great reference work that covers - in good detail - concepts and techniques in hacking web applications. I found this somewhat lacking in bootstrapping me into practical application. I bought this book with the intent that it'd get me into basic XSS and SQL injection attacks, but there isn't much to "practice" per se. As a caveat, I'm not sure this is within the scope of this text, and it is a very good primer on the various attack vectors and types. Make no mistake, I've read this book and used it to give me a leg up into the vocabulary of web application security, but I found other texts more useful as "how to" texts.
J**I
Alert book
All you learned is to write an alert, thanks
A**D
Hacking Web Apps - A Modern Introduction to Web Application Security with HTML5
Hacking Web Apps by Mike Shema is a contemporary guide on web application security. Mike's labor of love, as he likes to call this book, contains very relevant and distilled information on modern day web application attacks. The book is different from your garden variety web-application-top-n-style verbose texts with template vulnerabilities and hello-world solutions; Hacking Web Apps is a book with strong personality which shows in the eight chapters covering diverse topics from HTML5 security, XSS, CSRF, platform weaknesses to browser and privacy attacks. Starting with HTML5, the author discussed security issues surrounding "new" DOM, CORS, web sockets, web storage, web workers in a concise and concrete manner. This first chapter, however brief, makes this book quite unique since very few books to my knowledge have dealt with security issues pertaining to HTML5. The book provides a nice knowledge upgrade to exploits and vulnerabilities when it comes to web 2.0 technologies. Packed with tips, epic failures and notes providing security anecdotes from the real world, this text keeps you involved and entertained throughout. Going beyond usual CWE-SANS/OWASP top x vulnerabilities, the author elaborates on design issues and draws parallels on how to apply these issues to other similar problems. The text tends to be language agnostic and code samples are in multiple languages (Python, PHP, etc.) but I do miss the examples with specifics of libraries such as AntiForgeryToken in ASP.NET MVC. I have not read any of Mike's previous books so I cannot comment on how much is shared between his writings but for any web and server side developer interested in security, I'd highly recommend reading this book.
M**G
useful information on day to day
The 'bad guys' are always one step ahead. We know the web is not secure. You have to keep your eyes wide open. We cannot stick with what we learned years ago. The practices we apply in our development work may no longer be secure or advisable. We live off repeating our code that has never (or almost never) been attacked. We work with frameworks and believe that this frees us from all evil; we stop thinking and delegate to others. This book is not too long, gets to the point, and gives you a good tour of many types of vulnerabilities that can occur on the web, as well as techniques to try to avoid them, all accompanied by sample code. The approach is fast and clear. Don't look for great depth, but really, on this subject it isn't needed, since the variants are almost infinite. What you need to be clear about is what we are up against, have a general knowledge, and adapt it to our needs. A fully recommended purchase and essential knowledge.
A**R
A must read but lacked a competent editor
This book is a must read for anyone interested in web application security. I read it after I completed the author's previous work, Seven Deadliest Web Application Attacks (Seven Deadliest Attacks). I wish I'd read this one first - as they are nearly identical but this is a super-set of his prior book, with better topic organization, and better examples (for instance the HTML insertion/XSS example tables). That said, the biggest complaint I had with the previous work still continues - the writing is marred by very poor editing - fortunately, not enough to detract from an otherwise excellent text.
N**E
Something we all need to read
In today's world, we absolutely must be concerned about security. There are quite a few ways our information, including our passwords, bank account information and personal identity, can be stolen via the web. Most of the attacks need only the browser to access this information, according to Mike Shema. Mr. Shema is a well-respected authority in the web security field. We, as web surfers, often buy products from various vendors on the web, and some of us even play games on the web, without a second's thought about the possible consequences. We believe our privacy to be safe and even sacrosanct. But, as consumers, and especially as retailers, we really need to pay attention and be aware of the possible dangers of what we do. We wouldn't leave the door unlocked while on vacation, or even while gone to work, the store, a movie or dinner date. So why do we often skip the security essentials of our web surfing, and our online activities? Are we really so complacent as to think that it couldn't happen to us? In my not so humble opinion, we should all buy this book and follow its recommendations.
E**M
Printed in Blurry Font
I cannot comment on the content of this book, because the book is printed in unclear, blurry font, which is hard and most unpleasant to read. It is as if the pages had first been printed then photographed or rendered into images, which were then printed to the book. Returned the item. If you need this book, buy the Kindle edition, which is hopefully better.
T**A
I will definitely recommend it to my friends
Being a developer, this is quite an interesting reading. I will definitely recommend it to my friends. Thanks for the timely delivery.
S**K
Very practical and up to date
This book offers an unusual insight into the risks associated with web applications. You need to already have some experience in the field, e.g. basic web development knowledge and how the HTTP protocol is defined; network protocol and database knowledge are also an advantage. Compared with many other common sources of information, the book offers a different view. I already have some experience in IT security, but while reading I found new connections. The articles Suggestion for improvement: It would be great to publish the book's examples as source code online.