Web Hacking from the Inside Out [Paperback]

Michael Flenov (Author)

Book Description

Publication Date: January 1, 2007

Covering new technologies used to search for vulnerabilities on websites from a hacker's point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security.

Editorial Reviews

About the Author

Michael Flenov is the author of Hackish C++ Games & Demos, Hackish C++ Pranks & Tricks, Hackish PC Pranks & Cracks, and Hackish PHP Pranks & Tricks.

Product Details

• Paperback: 300 pages
• Publisher: A-List Publishing (January 1, 2007)
• Language: English
• ISBN-10: 193176963X
• ISBN-13: 978-1931769631
• Product Dimensions: 9 x 7.4 x 0.8 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 2.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #2,973,659 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

3.0 out of 5 stars Thin on the good stuff, July 5, 2007

By 

Justin C. Klein Keane "Mad Irish" (Philadelphia, PA USA) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Web Hacking from the Inside Out (Paperback)

While I found most of the information in this book to be valuable, and didn't find any errors, the types of attacks discussed seemed very lopsided. The author talks in great length about DOS attacks on websites as well as SQL injection and command injection by exploiting input validation errors, but only covers PHP, ASP, and to some degree Perl. The XSS discussion was only 7 pages, and authentication was only 5 pages! This book is a great starting place, but if you've got any experience with web security you might want to look elsewhere. Additionally the book provides demonstrations using only commercial software that the author wrote. This alone made me extremely suspicious. There were no significant examples or discussion of other tools for testing web applications for vulnerabilities.

1 of 1 people found the following review helpful:

1.0 out of 5 stars errors, March 27, 2008

By 

Cory J. Baumer - See all my reviews
(REAL NAME)   

This review is from: Web Hacking from the Inside Out (Paperback)

I am sitting in my college library and have been reading this book for about 5 minutes and have already found a huge error. When the author talks about safe file opening proceddures in php when using client inputed paramaters for a filename he suggests adding an extension to the end of the string before opening such as .fgfdfg so when an attacker attempts a string such as:
../../../../../../../../etc/passwd
it will try to open the non existent file /etc/passwd.fgfdfg
but any hacker worth his weight would just enter the string with a null bytesuch as:
../../etc/passwd%00
thus clipping the extension from the end. cause opening /etc/passwd\0.bsbs will open passwd

I havent read much more of the book but this huge error makes me want to put it back on the shelf. Overall, good for begginers I guess.... but theres better books out there and I wouldnt trust this one.

Peace
HexaTex