作者：Dafydd Stuttard, Marcus Pinto
出版日期：October 22, 2007
出版社：Wiley Publishing
页数：768
ISBN：ISBN-10: 0470170778 ISBN-13: 978-0470170779
文件格式：PDF

Review
“If you have an interest in web application security, I would highlyrecommend picking up a copy of this book, especially if you’reinterested in being able to audit applications for vulnerabilities”.
—Robert Wesley McGrew, McGrew Security
Product Description
This book is a practical guide to discovering and exploiting securityflaws in web applications. The authors explain each category ofvulnerability using real-world examples, screen shots and codeextracts. The book is extremely practical in focus, and describes indetail the steps involved in detecting and exploiting each kind ofsecurity weakness found within a variety of applications such as onlinebanking, e-commerce and other web applications.
The topics covered include bypassing login mechanisms, injectingcode, exploiting logic flaws and compromising other users. Becauseevery web application is different, attacking them entails bringing tobear various general principles, techniques and experience in animaginative way. The most successful hackers go beyond this, and findways to automate their bespoke attacks. This handbook describes aproven methodology that combines the virtues of human intelligence andcomputerized brute force, often with devastating results.
The authors are professional penetration testers who have beeninvolved in web application security for nearly a decade. They havepresented training courses at the Black Hat security conferencesthroughout the world. Under the alias “PortSwigger”, Dafydd developedthe popular Burp Suite of web application hack tools.