The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws Paperback – 2007/10/22
A newer edition of this book is available.
The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.
- Print length: 768 pages
- Language: English
- Publisher: Wiley, 1st edition
- Publication date: 2007/10/22
- Dimensions: 18.8 x 4.11 x 23.37 cm
- ISBN-10: 0470170778
- ISBN-13: 978-0470170779
Product description
About the authors
Dafydd has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to several software manufacturers and governments to help secure their compiled software. Dafydd is an accomplished programmer in several languages, and his interests include developing tools to facilitate all kinds of software security testing.
Dafydd has developed and presented training courses at the Black Hat security conferences around the world. Under the alias “PortSwigger,” Dafydd created the popular Burp Suite of web application hacking tools. Dafydd holds master’s and doctorate degrees in philosophy from the University of Oxford.
Marcus Pinto is a Principal Security Consultant at Next Generation Security Software, where he leads the database competency development team and has led the development of NGS' primary training courses. He has eight years' experience in security consulting and specializes in penetration testing of web applications and supporting architectures.
Marcus has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to the development projects of several security-critical applications. He has worked extensively with large-scale web application deployments in the financial services industry.
Marcus has developed and presented database and web application training courses at the Black Hat and other security conferences around the world. Marcus holds a master’s degree in physics from the University of Cambridge.
Customer reviews
Top reviews from other countries
Anyway, enough ranting about the state of the industry and on to this book. I have a large bookshelf of security books - many in pristine condition. This one is well worn and dog-eared as it gets a lot of use. It works equally well read from cover to cover and as a future reference. Read in sequence, it is logical and introduces concepts in layers that build understanding on various topics. The chapter breakdown is also very well thought through - attacking client-side controls, authentication schemes, session management, code injection etc. As a reference, it provides thorough coverage describing how a class of exploit works, ways of exploiting it and ways of defending it. The coverage on XSS is the best I have seen in any one reference (you can certainly find all of the info on the net, but this book will save you a lot of time).
I just noticed that there is a v2 of this book. Assuming it is the same quality as the original, I would recommend that as this is now a little dated. That said, I see many of the flaws covered in this book are still highly relevant today, but the tools have moved on a bit since then. If however you bought v1, you would not be disappointed.
In this book Dafydd lists, in a very accessible way, a very large number of points to check during a web audit.
I learned a lot, notably about session management, which I had not realised was so complex.
No need to buy other books that only skim the subject; this one is the most complete there is on the topic.
Note that there is a second edition of this book...
I have heard it referred to as the manual for Burp Suite Pro, but as Burp Suite Pro should be in every web pen tester's toolkit I don't think that is a bad thing. It does cover other tools too, but the most important part is that it helps you understand what goes wrong with web apps and how to discover and exploit their flaws; this is much more important for web application security testing than knowing how to click 'go' on an automated scanner.
I am looking forward to receiving the second edition and trying out the labs; it is not often in day-to-day pentesting that you get to practice all the techniques discussed in the book, so the labs are a welcome addition.
Get the book if you are not keen on vulnerable cookie-cutter code and hacker-prone pages.
The "take away" from this book is that a site author has to take a system-wide look at the site, particularly if there is an interaction between the visitor and the server.
This book takes the position that anyone who uses server-side includes (SSI) or client-side scripts like JavaScript must be aware of the mechanisms by which the browser and server interact.
The book looks at the spectrum of tools available to inspect, analyze and even alter the data flowing between the visitor's browser and the site's server. It doesn't take long to realize that if someone has the tools and wants to spend the time, practically any transaction between a browser and server is vulnerable.
OK, if you've read this far you already appreciate the value of defensive programming to make software maintainable. What this book gives you is solid examples of what you have to look out for. There are the obvious blunders like stashing key variables in cookies where the hacker can diddle them. But there are subtleties like how an SSI error message can guide a hacker script to discover an ID or password.
This is a "must read" book for someone who has a command of HTML, JavaScript, and one of the server-side scripting languages like Perl, PHP, or ASP. The book forced me to even more critically rethink my programming habits.
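The "key variables in cookies" blunder the reviewer above mentions is the handbook's "attacking client-side controls" material in miniature. The following is an added example written for this page, not code from the book, its authors or the reviewer: it puts the tamperable pattern (role and price read straight from the `Cookie` header) next to a hardened version that HMAC-signs the role and refuses to take a price from the client at all. The cookie names, the `SERVER_SECRET`, the `PRICES` table and the sample headers are all constructed for the demo.

```python
"""
Client-side state in cookies: tamperable vs. integrity-protected.

Added example for illustration; cookie names, secret, product table and
sample request headers are constructed, not taken from any real site.
"""
import hashlib
import hmac
from http.cookies import SimpleCookie
from typing import Dict, Optional, Tuple

# Assumption: a server-side secret that never reaches the browser.
SERVER_SECRET = b"demo-secret-rotate-me"

# Constructed product table: the authoritative price lives on the server.
PRICES = {"sku-1001": 49.99}


def parse_cookies(header: str) -> Dict[str, str]:
    """Parse a raw 'Cookie:' request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def vulnerable_checkout(cookie_header: str) -> Tuple[str, float]:
    """The blunder: role and price are believed exactly as the client sent them.

    A user who edits the cookie to 'role=admin; price=0.01' becomes an admin
    paying a penny, because nothing here can tell a forged value from a real one.
    """
    c = parse_cookies(cookie_header)
    return c["role"], float(c["price"])


def sign(value: str) -> str:
    """Append an HMAC-SHA256 tag so the server can detect any change to value."""
    tag = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify(signed: str) -> Optional[str]:
    """Return the protected value if its tag checks out, otherwise None.

    hmac.compare_digest keeps the comparison constant-time so the tag cannot
    be recovered byte by byte from response timing.
    """
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None  # no tag present at all
    expected = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None  # value or tag was modified
    return value


def hardened_checkout(cookie_header: str) -> Optional[Tuple[str, float]]:
    """Integrity-check the role and never accept a price from the client.

    The cookie carries a signed role and a SKU; the price is looked up
    server-side. Returns None on a missing/forged signature or unknown SKU.
    """
    c = parse_cookies(cookie_header)
    role = verify(c.get("role", ""))
    if role is None:
        return None
    price = PRICES.get(c.get("sku", ""))
    if price is None:
        return None
    return role, price


if __name__ == "__main__":
    honest = f"role={sign('user')}; sku=sku-1001"
    tampered = "role=admin; sku=sku-1001"  # attacker edited the cookie by hand
    print(vulnerable_checkout("role=admin; price=0.01"))  # believed as sent
    print(hardened_checkout(honest))                      # ('user', 49.99)
    print(hardened_checkout(tampered))                    # None
```

Signing only protects integrity, not confidentiality: the role is still readable in the cookie. Where even that is undesirable, the stronger pattern the handbook argues for is an opaque session identifier with all state held server-side, which is also what makes the price lookup above the right shape.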