The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.