画像はありません

選択したカラーの画像がありません。
カラー：

このビデオを見るには、次をダウンロード Flash Player

著者をフォローする

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws ペーパーバック – 2007/10/22

英語版 Dafydd Stuttard (著), Marcus Pinto (著)

4.6 45個の評価

すべての形式と版を表示

このページの読み込み中に問題が発生しました。もう一度試してください。

この商品には新版があります:

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
￥7,983
(983)
残り4点（入荷予定あり）

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.

The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.

この商品に関する問題を報告する

本の長さ

768ページ
言語

英語
出版社

Wiley
発売日

2007/10/22
寸法

18.8 x 4.11 x 23.37 cm
ISBN-10

0470170778
ISBN-13

978-0470170779
すべての詳細を表示

商品の説明

著者について

Dafydd Stuttard is a Principal Security Consultant at Next Generation Security Software, where he leads the web application security competency. He has nine years’ experience in security consulting and specializes in the penetration testing of web applications and compiled software.
Dafydd has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to several software manufacturers and governments to help secure their compiled software. Dafydd is an accomplished programmer in several languages, and his interests include developing tools to facilitate all kinds of software security testing.
Dafydd has developed and presented training courses at the Black Hat security conferences around the world. Under the alias “PortSwigger,” Dafydd created the popular Burp Suite of web application hacking tools. Dafydd holds master’s and doctorate degrees in philosophy from the University of Oxford.

Marcus Pinto is a Principal Security Consultant at Next Generation Security Software, where he leads the database competency development team, and has lead the development of NGS’ primary training courses. He has eight years’ experience in security consulting and specializes in penetration testing of web applications and supporting architectures.
Marcus has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to the development projects of several security-critical applications. He has worked extensively with large-scale web application deployments in the financial services industry.
Marcus has developed and presented database and web application training courses at the Black Hat and other security conferences around the world. Marcus holds a master’s degree in physics from the University of Cambridge.

登録情報

出版社 ‏ : ‎ Wiley; 第1版 (2007/10/22)
発売日 ‏ : ‎ 2007/10/22
言語 ‏ : ‎ 英語
ペーパーバック ‏ : ‎ 768ページ
ISBN-10 ‏ : ‎ 0470170778
ISBN-13 ‏ : ‎ 978-0470170779
寸法 ‏ : ‎ 18.8 x 4.11 x 23.37 cm

Amazon 売れ筋ランキング: - 690,351位洋書 (洋書の売れ筋ランキングを見る)
- - 498位Internet & Telecommunications
- - 767位Computer Hacking
- - 813位Web Services

カスタマーレビュー:
4.6 45個の評価

著者について

著者をフォローして、新作のアップデートや改善されたおすすめを入手してください。

Marcus Pinto
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
著者の本をもっと発見したり、よく似た著者を見つけたり、著者のブログを読んだりしましょう
著者ページでもっと見る
Dafydd Stuttard
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
著者の本をもっと発見したり、よく似た著者を見つけたり、著者のブログを読んだりしましょう
著者ページでもっと見る

カスタマーレビュー

5つのうち4.6つ

45グローバルレーティング

星1つ

0%

虚偽のレビューは一切容認しません

この商品をレビュー

カスタマーレビューを書く

他の国からのトップレビュー

すべてのレビューを日本語に翻訳

Marcello Tomasini

Bibbia del Settore

2013年10月26日にイタリアでレビュー済み

Amazonで購入

bel libro, anche se molto teorico. Gli esercizi di pratica sono relativamente poco guidati e quindi possono risultatre difficoltosi, inoltre si appoggiano sull'uso di burp suite piuttosto che altri strumenti. La versione di burp gratuita e' pero' limitata nelle funzionalita'.

レビューを日本語に翻訳する

Nick

One of the best out there

2012年3月23日にアメリカ合衆国でレビュー済み

Amazonで購入

I bought this book over a year ago and never got around to reviewing it. I am really disappointed by the quality of many of the security books I have read since then, so feel compelled to go back and review this to give the authors the credit they deserve. There seems to be a flourishing industry in rushing out woeful security books that make lofty claims and are little more than brief summaries of "what" tools are with absolutely no "how", "why" or any signs of original thinking. Looking at the perfect 5 scores that many of these offenders receive, I am highly suspicious that authors/publishers are gaming the system and getting their mates to pile on positive reviews. (You will need to take the 5 I award this book with a large grain of salt and do your own research to form your own opinion).

Anyway, enough ranting about the state of the industry and on to this book. I have a large bookshelf of security books - many in pristine condition. This one is well worn and dog-eared as it gets a lot of use. It works equally well read from cover to cover and as a future reference. Read in sequence, it is logical and introduces concepts in layers that build understanding on various topics. The chapter breakdown is also very well thought through - attacking client-side controls, authentication schemes, session management, code injection etc. As a reference, it provides thorough coverage describing how a class of exploit works, ways of exploiting it and ways of defending it. The coverage on XSS is the best I have seen in any one reference (you can certainly find all of the info on the net, but this book will save you a lot of time).

I just noticed that there is a v2 of this book. Assuming it is the same quality as the original, I would recommend that as this is now a little dated. That said, I see many of the flaws covered in this book are still highly relevant today, but the tools have moved on a bit since then. If however you bought v1, you would not be disappointed.

2人のお客様がこれが役に立ったと考えています

レビューを日本語に翻訳する

Florent

un Must Have

2013年6月4日にフランスでレビュー済み

Amazonで購入

Dafydd Stuttard n'est autre que l'auteur de Burp Suite. Si l'outil incontournable pour auditer des sites Internet.
Dans ce livre Dafydd énumère de façon très accessible un très grand nombre de point à vérifier lors d'un audit web.
J'y ai appris plein de choses notamment sur la gestion des sessions que je ne savais pas si complexe.

Pas la peine d'acheter d'autres livres qui ne font qu'effleurer le sujet, ce livre est le plus complet qui soit sur le sujet.

A noter qu'il y a une deuxième édition de ce livre...

レビューを日本語に翻訳する

Rob Boss

A must have book for web app security testers

2011年9月20日に英国でレビュー済み

Amazonで購入

I don't think there is another book that comes close to the Web Application Hackers Handbook at the moment. This book is well thought out and is both great to read from front to back on your first time through and then to use as a reference book later on.

I have heard it referred to as the manual for Burp Suite Pro but as Burp Suite Pro should be in every web pen testers toolkit I don't think that is a bad thing. It does cover other tools too but the most important part is that it helps you understand what goes wrong with web apps and how to discover and exploit their flaws, this is much more important for web application security testing than knowing how to click 'go' on an automated scanner.

I am looking forward to receiving the second edition and trying out the labs, it is not often in day-to-day pentesting that you get to practice all the techniques discussed in the book so the labs are a welcome edition.

レビューを日本語に翻訳する

W. Wiencke

Must reading if you write web pages

2013年7月4日にアメリカ合衆国でレビュー済み

Amazonで購入

Skip this review and avoid this book if you use site building kits like WordPress -- or you don't care about your site getting hacked.

Get the book if you are not keen on vulnerable cookie-cutter code and hacker prone pages.

The "take away" from this book is that a site author has to take a system wide look a the site -- particularly if there is an interaction between the visitor and the server.

This book takes the position that any one who uses server side includes (SSI) or client side scripts like JavaScript must be aware of the mechanisms by which the browser and server interact.

The book looks at the spectrum of tools available to inspect, analyze and even alter the data flowing between the visitor's browser and the site's server. It doesn't take long to realize that if someone has the tools and wants to spend the time practically any transaction between a browser and server is vulnerable.

OK, if you've read this far you already appreciate the value of defensive programming to make software maintainable. What this book gives you is solid examples of what you have to look out for. There's the obvious blunders like stashing key variables in cookies where the hacker can diddle them. But there are subtleties like how a SSI error message can guide a hacker script to discover an ID or password.

This is a "must read" book for someone who has a command of HTML, JavaScript, and one of the server side scripting languages like Perl, PHP, or ASF. The book forced me to even more critically rethink my programming habits.

,

2人のお客様がこれが役に立ったと考えています

レビューを日本語に翻訳する

レビューをすべて見る

Amazon Advertising 商品の露出でお客様の関心と反応を引き出す	Audible（オーディブル）「聴く」読書会員なら聴き放題	アマゾンウェブサービス（AWS）クラウドコンピューティングサービス	Amazonアウトレット訳あり商品をお手頃価格で販売

Amazonビジネス（法人購買）請求書払い法人価格・数量割引	AmazonGlobal 65か国/地域以上への海外配送がより簡単に	Shopbop 世界中の厳選されたファッションアイテム

著者をフォローする

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws ペーパーバック – 2007/10/22

この商品には新版があります:

商品の説明

著者について

登録情報

著者について

Marcus Pinto

Dafydd Stuttard

カスタマーレビュー

この商品をレビュー

上位レビュー、対象国： 日本

他の国からのトップレビュー

上位レビュー、対象国：日本