HACKING EXPOSED WEB APPLICATIONS, 3rd Edition [Paperback]

Joel Scambray, Vincent Liu, Caleb Sima
4.7 out of 5 stars (6 customer reviews)

List Price: $50.00
Price: $33.44 & FREE Shipping on orders over $35. Details
You Save: $16.56 (33%)
In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Formats

Amazon Price New from Used from
Kindle Edition $31.77  
Paperback $33.44  

Book Description

Publication Date: October 15, 2010 | ISBN-10: 0071740643 | ISBN-13: 978-0071740647 | Edition: 3

The latest Web app attacks and countermeasures from world-renowned practitioners

Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.

  • Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
  • See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
  • Understand how attackers defeat commonly used Web authentication technologies
  • See how real-world session attacks leak sensitive data and how to fortify your applications
  • Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
  • Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
  • Safely deploy XML, social networking, cloud computing, and Web 2.0 services
  • Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
  • Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

Frequently Bought Together

HACKING EXPOSED WEB APPLICATIONS, 3rd Edition + Hacking Exposed 7: Network Security Secrets & Solutions (Hacking Exposed: Network Security Secrets & Solutions)
Price for both: $62.44


Editorial Reviews

About the Author

Joel Scambray, CISSP, is co-founder and CEO of Consciere, provider of strategic security advisory services. He has worked in Internet security assessment and defense for nearly 15 years at Microsoft, Foundstone, Ernst & Young, and other organizations. Joel is an internationally renowned speaker and author of multiple security books, including 12 editions in the Hacking Exposed series.

Vincent Liu, CISSP, is a managing partner at Stach & Liu. He previously led the Attack & Penetration and Reverse Engineering teams at Honeywell's Global Security group, was a consultant with the Ernst & Young Advanced Security Centers, and was an analyst at the National Security Agency. Vincent speaks at industry conferences, including Black Hat, ToorCon, and Microsoft's BlueHat.

Caleb Sima is CEO of Armorize Technologies, provider of integrated Web application security solutions. He founded SPI Dynamics, a Web security technology company, and was an early innovator at Internet Security Systems/IBM's elite X-Force team. Caleb presents at key industry conferences, such as RSA and Black Hat.


Product Details

  • Series: Hacking Exposed
  • Paperback: 482 pages
  • Publisher: McGraw-Hill Osborne Media; 3 edition (October 15, 2010)
  • Language: English
  • ISBN-10: 0071740643
  • ISBN-13: 978-0071740647
  • Product Dimensions: 9.1 x 7.4 x 1 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 4.7 out of 5 stars (6 customer reviews)
  • Amazon Best Sellers Rank: #193,597 in Books

Customer Reviews

Most Helpful Customer Reviews
19 of 19 people found the following review helpful
Format: Paperback
This is the third Hacking Exposed: Web Applications (HE:WA) book I've reviewed, having reviewed the second edition in 2006 and the first edition in 2002. While I gave the earlier editions each five stars, I don't think HE:WA3E quite meets my expectations of a five star web application security book -- at least not one bearing the Hacking Exposed (HE) series name.

In my opinion, the winning formula for a good HE book was set by the first in the series, back in 1999: 1) explain a technology of interest; 2) show exactly how to exploit it; 3) recommend countermeasures. For me, these three steps MUST be followed, and any book with HE in the title that fails to follow this recipe is likely to fall flat. The reason I like this approach is simple; in many cases, defenders first encounter a new technology only after a researcher or intruder has broken it! In other words, the offensive side is usually far ahead of the defensive side, because offenders often specialize in a promising new area and pursue it relentlessly until they break it. Good HE books help redress this imbalance by getting the defender up to speed on a new technology, showing how to break it, and then suggesting defensive measures.

I believe that while HE:WA3E adopts some of this approach, it seems to not be consistently applied. In fact, I'm wondering if the absence of Mike Shema from the author team could be the reason for this change. Mike's handiwork still appears as a legacy of using older material, but elsewhere I found myself missing the HE formula.

For example, ch 9 seems to diverge from the HE recipe. It also seemed "light" to me compared to the prevalence of client-side exploitation. When HE:WA2E arrived in 2006, client-side attacks had been popular for about three years.
5.0 out of 5 stars really helpful December 9, 2013
By W. Vogt
Format: Paperback | Verified Purchase
I learned more from this in an hour of sitting and flipping than I have from hours upon hours of searching the web for answers on similar topics. Extremely helpful book for those concerned with web security... covers topics that I've never heard others mention. Also, a lot of people online... specifically with say, PHP programming, will tell you some basic rule or procedure for verifying user input, but they don't explain fully the how and the why---it's like that all over the place---but this book does a very good job of explaining why the procedures and such in PHP or other languages are necessary, and in my case helped me to understand exactly why certain procedures should be employed. (Such as making sure user-submitted data is in the expected encoding, i.e. UTF8, etc.)
5.0 out of 5 stars HACKING EXPOSED BOOKS ARE GREAT!! October 31, 2013
By drake
Format: Paperback | Verified Purchase
I own every Hacking Exposed book ever printed that I am aware of. These are great sources for learning and structuring skills in many valuable situations. They are based on theory and have great examples when you would use the necessary solutions to achieve or overcome challenges.

They are Great Books!! ---That is my opinion!

