Programming Books C Java PHP Python Learn more Browse Programming Books
Qty:1
  • List Price: $66.95
  • Save: $8.46 (13%)
In stock but may require an extra 1-2 days to process.
Ships from and sold by Amazon.com.
Gift-wrap available.
+ $3.99 shipping
Used: Good | Details
Sold by Seattlegoodwill
Condition: Used: Good
Comment: May have some shelf wear. This item is only available for purchase online and is not available in the Goodwill store. This item is being offered by Goodwill, a non-profit organization. All funds raised are used to support the Goodwill which provides quality, effective employment training and basic education to individuals experiencing significant barriers to economic opportunity. Because Jobs Change Lives. Proceeds from the sale of these goods and financial donations from the community make it possible for us to operate our free job training programs. Your donations and purchases help support these important programs and make the community a better place for all of us.
Access codes and supplements are not guaranteed with used items.
Sell yours for a Gift Card
We'll buy it for $3.12
Learn More
Trade in now
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

XSS Attacks: Cross Site Scripting Exploits and Defense Paperback – May 15, 2007

ISBN-13: 978-1597491549 ISBN-10: 1597491543 Edition: 1st

Buy New
Price: $58.49
27 New from $47.73 22 Used from $23.78
Amazon Price New from Used from
Kindle
"Please retry"
Paperback
"Please retry"
$58.49
$47.73 $23.78
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Frequently Bought Together

XSS Attacks: Cross Site Scripting Exploits and Defense + SQL Injection Attacks and Defense, Second Edition + The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Price for all three: $145.30

Some of these items ship sooner than the others.

Buy the selected items together
NO_CONTENT_IN_FEATURE
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Paperback: 480 pages
  • Publisher: Syngress; 1 edition (May 15, 2007)
  • Language: English
  • ISBN-10: 1597491543
  • ISBN-13: 978-1597491549
  • Product Dimensions: 7.4 x 1.1 x 9.4 inches
  • Shipping Weight: 1.8 pounds (View shipping rates and policies)
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (5 customer reviews)
  • Amazon Best Sellers Rank: #1,148,501 in Books (See Top 100 in Books)

Editorial Reviews

About the Author

Seth Fogie is the VP of Dallas-based Airscanner Corporation where he oversees the development of security software for the Window Mobile (Pocket PC) platform. He has co-authored numerous technical books on information security, including the top selling "Maximum Wireless Security" from SAMS, and "Security Warrior" from O'Reilly. Seth frequently speaks at IT and security conferences/seminars, including Black Hat, Defcon, CSI, and Dallascon. In addition, Seth has co-authored the HIPAA medical education course for the Texas Medical Associate and is acting Site Host for Security at the "InformIT.com" website where he writes articles and reviews/manages weekly information security related books and articles

Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). At WhiteHat, Mr. Grossman is responsible for web application security R&D and industry evangelism. He is a frequent speaker at industry events including the Black Hat Briefings, ISACA, OWASP, NASA, ISSA and Defcon. A trusted media resource, Mr. Grossman has been featured in USA Today, the Washington Post, Information Week, NBC Nightly News, and many others. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!

Robert Hansen, also known as RSnake, is the founder of the ha.ckers.org web application security lab and has been heavily involved in the hacking and the security industry since the mid 1990s. Robert has worked in banner advertizing and built click fraud detection in his role as CSO for several startups. For many years he ran the managed security services product lines for Cable & Wireless. At eBay he worked on anti-cross site scripting, anti-phishing, anti-virus and web application intrusion detection and countermeasures. He has spoken at Black Hat, the Gartner security round table and at Networld+Interop and he is a member of WASC, OWASP, and ISSA.

Anton Rager is a Sr. Security Engineer with Avaya Labs and a founding member of Avaya's Enterprise Security Practice. He specializes in vulnerability research, VPN security and wireless security and is best known for his WEPCrack, WEPWedgie and IKECrack security tools. He has presented at Defcon, Toorcon, Interz0ne and many other lesser-known conferences, and was a contributing technical editor to the book Maximum Wireless Security.

Petko "pdp” D. Petkov is a senior IT security consultant based in London, United Kingdom. His day-to-day work involves identifying vulnerabilities, building attack strategies and creating attack tools and penetration testing infrastructures. Petko is known in the underground circles as pdp or architect but his name is well known in the IT security industry for his strong technical background and creative thinking. He has been working for some of the world's top companies, providing consultancy on the latest security vulnerabilities and attack technologies.
His latest project, GNUCITIZEN (gnucitizen.org), is one of the leading web application security resources on-line where part of his work is disclosed for the benefit of the public. Petko defines himself as a cool hunter in the security circles.

Customer Reviews

4.4 out of 5 stars
Share your thoughts with other customers

Most Helpful Customer Reviews

16 of 16 people found the following review helpful By Richard Bejtlich on July 20, 2007
Format: Paperback
XSS Attacks earns 4 stars for being the first book devoted to Cross Site Scripting and for rounding up multiple experts on the topic. The authors are synonymous with attacking Web applications and regularly share their vast expertise via their blogs and tools. However, XSS Attacks suffers the same problems found whenever Syngress rushes a book to print -- nonexistent editing and uneven content. I found XSS Attacks to be highly enlightening, but I expect a few other books on the topic arriving later this year could be better.

First, as Tadaka mentioned, ch 3 is the best written part of the book. In fact, the author of ch 3 should have written the entire book. There is a difference between an author of a tool, an author of a blog, and an author of a book. The author of ch 3 clearly knows how to make a clear argument over the course of a long stretch of pages (over 90) and carry the reader. Lucky for non-book-buyers, Syngress posted ch 3 for free on their Web site. You'll get a great foundation on XSS, and learn about CSRF and backdooring Flash and Quicktime.

In terms of readability, ch 2 wasn't bad. I liked trying out various Firefox extensions and the author's examples were good. I think ch 1 should be completely dropped. It mentions terms not defined until ch 2. The language is exceptionally rough, indicating zero editing was done. The DNS pinning examples in ch 5 were confusing; it doesn't help novice readers to discuss [...] and then use [...]. (I think that's an error.) I really didn't get as much from the book past ch 3 as I did from ch 3.

The major take-away from XSS Attacks is that one should never trust clients.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
6 of 6 people found the following review helpful By Dafydd Stuttard on July 4, 2007
Format: Paperback
This book is a comprehensive analysis of XSS and related vulnerabilities, and covers everything from a beginner's introduction to XSS through to advanced exploitation and the latest attack techniques.

Overall, the book is well-organised, technically accurate, and full of pertinent examples and code extracts to illustrate the different vulnerabilities and attacks being described. There are plenty of tricks that will benefit even experienced web app hackers, including a wealth of filter bypasses, and coverage of offbeat topics such as injection into style sheets and use of non-standard content encoding.

There is strong coverage of recent research including JavaScript-based port scanning, history stealing and JSON hijacking, as you would expect given that these techniques were largely poineered by some of the authors. All of their explanations are clear and precise, and contain sufficient detail for you to fully understand each issue, and put together working code to exploit it. The book also includes the use of non-standard vehicles such as Flash and PDF for delivery of XSS attacks.

Here and there, the book displays the effects of multiple authorship, notably in the discussion of the best tools for finding XSS flaws. I know that some of the authors have rather opposing views on that question, but it is always good to get different people's perspectives on the tools they find most useful. There are also a few typos and editorial glitches, but that is the price you pay for being quick to market, as they evidently are.

Overall, this is a great book that will benefit a wide range of people, from novices to seasoned hackers. It is fun to read, with plenty of lighter moments punctuating the technical meat. Nothing else currently available is hitting this target - get it while it's hot!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
1 of 1 people found the following review helpful By Jason Wood on July 2, 2007
Format: Paperback
I've been through most of this book and found it to be an excellent source of information on cross site scripting (XSS). It starts off with a good introduction of the subject, covers the tools to help you evaluate your site for issues with XSS, and then goes through XSS non-stop to the end. I really liked the discussion of XSS theory in chapter 3. Instead of just covering how to look up and try different exploit methods, the authors spend a lot of time trying to convey the knowledge needed to really understand how XSS takes advantage of web apps and your browser's willingness to try and render as much as possible. This is extremely helpful when trying to craft your defenses, since you will have a more complete understanding of the problem.

The book is a lot to absorb and I'm still wrapping my mind around it, but it has really given me a new perspective on the scope of the issue. The authors are the experts on XSS and they've done a really good job on the book. If you want to get information straight from the guys doing the research on XSS, then this is the book you want.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
Format: Paperback Verified Purchase
This is a good book for getting started with XSS, with comprehensive information about the subject, but with quite a few significant drawbacks:

- There are a lot of spelling errors (almost one per page)
- There's not a straightforward structure of content
- It's very apparent that this has been written separately by many authors: there doesn't seem to be an effort to provide a single, similar and coherent writing style (e.g. in the same chapter, each section has its own little introduction, repeating things already mentioned in previous sections)
- It has had a very poor technical and editorial review (as shown by the many mistakes)
- It contains some strange things that make you wonder about how much thought was put while making the book (e.g. screenshots of full-black webpages)

Given the fact that there aren't many books on the subject, this is one you'd probably want to buy, but be prepared for a lot of mistakes and oversights.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

What Other Items Do Customers Buy After Viewing This Item?