The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, Second Edition
914 pages, 335,947 words
Added on 2022-01-24
About This Document
The Web Application Hacker's Handbook, Second Edition by Dafydd Stuttard and Marcus Pinto is a comprehensive guide to web application security, covering topics such as core defense mechanisms, web application technologies, mapping the application, bypassing client-side controls, and attacking authentication. The book provides practical advice and strategies for finding and exploiting security flaws in web applications, and includes a web application hacker's toolkit and methodology.
The Web Application Hacker's Handbook, Second Edition: Finding and Exploiting Security Flaws
Dafydd Stuttard, Marcus Pinto
About the Authors
Dafydd Stuttard is an independent security consultant, author, and software developer. With more than 10 years of experience in security consulting, he specializes in the penetration testing of web applications and compiled software. Dafydd has worked with numerous banks, retailers, and other enterprises to help secure their web applications. He also has provided security consulting to several software manufacturers and governments to help secure their compiled software. Dafydd is an accomplished programmer in several languages. His interests include developing tools to facilitate all kinds of software security testing. Under the alias "PortSwigger," Dafydd created the popular Burp Suite of web application hacking tools; he continues to work actively on Burp's development. Dafydd is also cofounder of MDSec, a company providing training and consultancy on Internet security attack and defense. Dafydd has developed and presented training courses at various security conferences around the world, and he regularly delivers training to companies and governments. He holds master's and doctorate degrees in philosophy from the University of Oxford.
Marcus Pinto is cofounder of MDSec, developing and delivering training courses in web application security. He also performs ongoing security consultancy for financial, government, telecom, and retail verticals. His 11 years of experience in the industry have been dominated by the technical aspects of application security, from the dual perspectives of a consulting and end-user implementation role. Marcus has a background in attack-based security assessment and penetration testing. He has worked extensively with large-scale web application deployments in the financial services industry. Marcus has been developing and presenting database and web application training courses since 2005 at Black Hat and other worldwide security conferences, and for private-sector and government clients. He holds a master's degree in physics from the University of Cambridge.
About the Technical Editor
Dr. Josh Pauli received his Ph.D. in Software Engineering from North Dakota State University (NDSU) with an emphasis in secure requirements engineering and now serves as an Associate Professor of Information Security at Dakota State University (DSU). Dr. Pauli has published nearly 20 international journal and conference papers related to software security, and his work includes invited presentations from the Department of Homeland Security and Black Hat Briefings. He teaches both undergraduate and graduate courses in system software security and web software security at DSU. Dr. Pauli also conducts web application penetration tests as a Senior Penetration Tester for an Information Security consulting firm, where his duties include developing hands-on technical workshops in the area of web software security for IT professionals in the financial sector.
MDSec: The Authors' Company
Dafydd and Marcus are cofounders of MDSec, a company that provides training in attack and defense-based security, along with other consultancy services. If while reading this book you would like to put the concepts into practice, and gain hands-on experience in the areas covered, you are encouraged to visit our website, http://mdsec.net. This will give you access to hundreds of interactive vulnerability labs and other resources that are referenced throughout the book.
Credits
Executive Editor: Carol Long
Senior Project Editor: Adaobi Obi Tulton
Technical Editor: Josh Pauli
Production Editor: Kathleen Wisor
Copy Editor: Gayle Johnson
Editorial Manager: Mary Beth Wakefield
Freelancer Editorial Manager: Rosemarie Graham
Associate Director of Marketing: David Mayhew
Marketing Manager: Ashley Zurcher
Business Manager: Amy Knies
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Neil Edde
Associate Publisher: Jim Minatel
Project Coordinator, Cover: Katie Crocker
Proofreaders: Sarah Kaikini, Word One; Sheilah Ledwidge, Word One
Indexer: Robert Swanson
Cover Designer: Ryan Sneed
Cover Image: Wiley InHouse Design
Vertical Websites Project Manager: Laura Moss-Hollister
Vertical Websites Assistant Project Manager: Jenny Swisher
Vertical Websites Associate Producers: Josh Frank, Shawn Patrick, Doug Kuhn, Marilyn Hummel