Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions 1st Edition

3.4 out of 5 stars 7 customer reviews
ISBN-13: 978-0071494618
ISBN-10: 0071494618
Why is ISBN important?
ISBN
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$8.78 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$52.00 On clicking this link, a new layer will be open
More Buying Choices
37 New from $26.69 48 Used from $0.01
Free Two-Day Shipping for College Students with Prime Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Windows10ForDummiesVideo
Windows 10 For Dummies Video Training
Get up to speed with Windows 10 with this video training course from For Dummies. Learn more.
$52.00 FREE Shipping. In Stock. Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Frequently Bought Together

  • Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
  • +
  • Hacking Exposed Web Applications, Third Edition
  • +
  • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Total price: $124.28
Buy the selected items together

Editorial Reviews

About the Author

Rich Cannings is a senior information security engineer at Google.

Himanshu Dwivedi is a founding partner of iSEC Partners, an information security organization, and the author of several security books.

Zane Lackey is a senior security consultant with iSEC Partners.

NO_CONTENT_IN_FEATURE

The latest book club pick from Oprah
"The Underground Railroad" by Colson Whitehead is a magnificent novel chronicling a young slave's adventures as she makes a desperate bid for freedom in the antebellum South. See more

Product Details

  • Series: Hacking Exposed
  • Paperback: 258 pages
  • Publisher: McGraw-Hill Education; 1 edition (January 7, 2008)
  • Language: English
  • ISBN-10: 0071494618
  • ISBN-13: 978-0071494618
  • Product Dimensions: 7.3 x 0.6 x 9 inches
  • Shipping Weight: 1.1 pounds (View shipping rates and policies)
  • Average Customer Review: 3.4 out of 5 stars  See all reviews (7 customer reviews)
  • Amazon Best Sellers Rank: #2,688,760 in Books (See Top 100 in Books)

Customer Reviews

Top Customer Reviews

By Kornienko Mikhail on January 29, 2008
Format: Paperback Verified Purchase
I'm still in the middle of the book, and I definitely will skim thru all the remaining pages (just because I paid for it), but I wouldn't recommend the book to anyone looking for serious and in-depth study on web security - the book just doesn't offer that. What it does is a list of possible attack vectors and sometimes offers "solutions" which can help to fight with the attacks. However, the attacks descriptions are shallow, solutions are very short and non-extensive and many of them go as far as telling a user to install NoScript extension for Firefox (huh? Web 2.0 doesn't work with no JavaScript).

There are also quadrillions of links to a security-related site (won't list it here) which offers a toolbar to checks your sites again the most common security problems. I don't have anything against links to useful tools of course, but THAT amount of links just makes this book look like an advertisement of the fore-mentioned site. Am not even talking about page space wasted to re-iterate "go to ...., install ...., click .... in order to test for ....." which usually take 0.5-1 pages. Users who read that sort of books can somehow figure out how to use a toolbar, I believe.

I'm not by any means a security expert, and this book did introduce me into the topic, but it didn't do anything beyond that. I still need to read some other book on the topic, and that book will probably contain the same info as the Hacking Web 2.0 Exposed (i.e. the very basic info on web expoits), so.. I actually just recommend to pass on this book at all, and look for something which covers the topic in greater depth.
1 Comment 11 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions (Hacking Exposed)

The Hacking Exposed Web 2.0 book has proven to be a fairly huge disappointment for me. After some quality technical books in this series, the publisher has released what amounts to a sales tool for the author's software.

The front cover states "Web 2.0 Security Secrets and Solutions" but the inside of the book hasn't really lived up to that hype. Normally, when it comes to books by McGraw Hill with the Hacking Exposed title, I can expect a decent amount of technical detail on the topic at hand. With this book, it was a bit different. Now, before you think I'm blasting this book entirely, I want to make perfectly clear that there is valid information in this book, but in my opinion, it's pretty basic stuff. If you're a beginner in the world of web hacking, then this book might be worthwhile. However, if you've done much web hacking at all, I think you'll be discouraged at the basic nature of the information included.

The sales pitch starts right in Chapter 1 as the iSec Partners push their Security QA toolbar for web assessments. If you visit their website, they have two separate sections that contain potential software you can download and use. The Products section will allow you to download the trial version of this toolbar, but you have to talk to a sales person to get pricing on the software. But a good deal of the content they discuss in the book is based on this tool.

Now, with that said, there are good points for the book as well.
Read more ›
Comment 5 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
Thanks to McGraw-Hill for my review copy.

Based on my review criteria this book should have easily been a 4 or 5 star book, but I gave it 3 stars for its major flaw. Its major flaw is that it only talks about iSec partner's SecurityQA Toolbar as a tool for testing for the different types of web application vulnerabilities. Only discussing one closed source, for pay tool, that only runs on Windows is really disappointing from a security professional standpoint. I really expected a good snapshot in time on the DIFFERENT tools and techniques for doing web 2.0 auditing. There are tons of "for-pay" and more importantly FREE web application scanners and tools that look for the same vulnerabilities discussed in the book and the fact that they don't mention any other tools or methods is very disappointing.

Now that the above is out of the way...lets get on with the likes and dislikes.

Likes:
-The analysis of the samy worm is excellent. They break the code apart and really analyze what's going on and why it worked at the time.
-The chapter on ActiveX security is excellent. It covers a lot of ground on why ActiveX controls are bad, how to fuzz them and how to defend against them.
-The whole first part of the book on Web 1.0 vulnerabilities is well written, I had just finished XSS attacks and having that background helped a lot with the relevant chapters in HE Web 2.0.

Dislikes:
-The book is short, about 246 pages, that's probably too short for the price for a security book.
-A good chunk of the chapters cover over and over installing and using their SecurityQA Toolbar, I only need it once, if that.
-I think the book stops a bit short of actually exploiting Web 2.0 vulnerabilities. It talks a lot about identifying which 2.
Read more ›
1 Comment 4 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Set up an Amazon Giveaway

Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway
This item: Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Pages with Related Products. See and discover other items: computer security, computer network