Enter your mobile number below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Web Hacking: Attacks and Defense 1st Edition

4.5 out of 5 stars 13 customer reviews
ISBN-13: 078-5342761764
ISBN-10: 0201761769
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$13.97 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$32.48 On clicking this link, a new layer will be open
More Buying Choices
21 New from $12.00 41 Used from $0.01
Free Two-Day Shipping for College Students with Prime Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

ITPro.TV Video Training
Take advantage of IT courses online anywhere, anytime with ITPro.TV. Learn more.
$32.48 FREE Shipping. Only 1 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Editorial Reviews

From the Back Cover

"Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..."
--From the Foreword by William C. Boni, Chief Information Security Officer, Motorola
"Just because you have a firewall and IDS sensor does not mean you aresecure; this book shows you why."
--Lance Spitzner, Founder, The Honeynet Project
Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense.

Features include:

  • Overview of the Web and what hackers go after
  • Complete Web application security methodologies
  • Detailed analysis of hack techniques
  • Countermeasures
  • What to do at development time to eliminate vulnerabilities
  • New case studies and eye-opening attack scenarios
  • Advanced Web hacking concepts, methodologies, and tools

"How Do They Do It?" sections show how and why different attacks succeed, including:

  • Cyber graffiti and Web site defacements
  • e-Shoplifting
  • Database access and Web applications
  • Java™ application servers; how to harden your Java™ Web Server
  • Impersonation and session hijacking
  • Buffer overflows, the most wicked of attacks
  • Automated attack tools and worms

Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques.

Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks.


About the Author

Stuart McClure, President/CTO, Foundstone, Inc., brings over 12 years of IT and security experience to Foundstone. Stuart is a successful security author, speaker, and teacher whose writings have been translated into dozens of languages around the world.

Stuart is the lead author of the best-selling security book Hacking Exposed: Network Security Secrets and Solutions, which has been translated into 19 languages, and has received critical acclaim around the world. In addition, it was ranked the #4 computer book sold on Amazon in 2001, positioning it as the best selling security book ever sold.

Prior to co-founding Foundstone, Stuart was a Senior Manager with Ernst & Young's National Security Profiling Team responsible for project management, attack and penetration reviews, and security technology evaluations. Prior to Ernst & Young, Stuart was a Security Analyst for the InfoWorld Test Center where he covered the security industry and evaluated over 100 network and security products specializing in firewalls, security auditing, intrusion detection, and public key infrastructure (PKI). Prior to InfoWorld, Stuart was the IT manager for State and Local Governments, supporting Novell, NT, Solaris, AIX, and AS/400 platforms.

Stuart holds a B.A. degree from the University of Colorado, Boulder and numerous certifications including ISC2's CISSP, Novell's CNE, and Check Point's CCSE.

Saumil continues to lead the efforts in e-commerce security research at Net-Square. His focus is on researching vulnerabilities with various e-commerce and Web-based application systems. Saumil also provides information security consulting services to Net-Square clients, specializing in ethical hacking and security architecture. He holds a designation of Certified Information Systems Security Professional. Saumil has had more than eight years experience with system administration, network architecture, integrating heterogenous platforms and information security, and has perfomed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a regular speaker at security conferences such as BlackHat, RSA, etc.

Previously, Saumil was the Director of Indian Operations for Foundstone Inc, where he was instrumental in developing their Web application security assessment methodology, the Web assessment component of FoundScan--Foundstone's Managed Security Services software and was instrumental in pioneering Foundstone's Ultimate Web Hacking training class.

Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young, where he was responsible for the company's ethical hacking and security architecture solutions. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member there.

Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, information security, and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is also the author of The Anti-Virus Book (Tata McGraw-Hill, 1996).

Shreeraj leads the software development and research arm of Net-Square. His role is to develop new methodologies for Web application security assessment and defense. In the past, he has been involved in several Web application assessment projects, protocol analysis, code reviews, ethical Web hacking, etc. He has also been a speaker at RSA and BlackHat.

Shreeraj has vast experience in the fields of security, application development, and network administration in addition to his strong technical background, client management skills, project management, and research methodologies. He was a member of the core development team for the Web application assessment engine at Foundstone. Shreeraj also worked with Chase Manhattan Bank in their middleware application division. Prior to joining Chase, Shreeraj worked with IBM's Domino Application Server team.

Shreeraj graduated from Marist College with a master's degree in computer science. He received his MBA at the Nirma Institute of Managment, India. He got his bachelor's degree in instrumentation and controls engineering from Gujarat University, India. Shreeraj has also authored quite a few white papers during his academic period both in India and USA.


New York Times best sellers
Browse the New York Times best sellers in popular categories like Fiction, Nonfiction, Picture Books and more. See more

Product Details

  • Paperback: 528 pages
  • Publisher: Addison-Wesley Professional; 1 edition (August 18, 2002)
  • Language: English
  • ISBN-10: 0201761769
  • ISBN-13: 978-0201761764
  • Product Dimensions: 7.3 x 1.2 x 9 inches
  • Shipping Weight: 2 pounds (View shipping rates and policies)
  • Average Customer Review: 4.5 out of 5 stars  See all reviews (13 customer reviews)
  • Amazon Best Sellers Rank: #933,947 in Books (See Top 100 in Books)

Customer Reviews

Top Customer Reviews

By Marco De Vivo on September 28, 2002
Format: Paperback Verified Purchase
So you heard all this hype on Web Hacking, and want to know more about this matter.
Well, if you think about the web as an e-commerce platform, then just Buy 'Web Security, Privacy & Commerce' by Garfinkel and Spafford, an excellent and classic book.
Are you interested in 'pure hacking'? I mean 'perl scripts', cross site and traversal attacks, hackers jargon, and all the related issues..... then buy 'Hacking Web Applications Exposed' by Scambray and Shema. Excellent book too, and excellent authors. But beware, it is not for newbies. You MUST have a lot of background to fully understand the attacks.
Now, what about an easier generic book, covering the same issues as the others but in a step by step and kinder way.? A book to start from zero, but leading to understand all the currently related themes. Well, if this is what you want, then 'Web Hacking' is your book. It covers all that need to be covered in this area. In an easy and well structured way. The reading is very light and the authors 'break down' of the matter, makes the contents very intuitive.
The book is structured into four main sections (covering the same areas as the previously referred books) :
** The E-commerce Playground
** URLs Unraveled
** How Do They Do It?
** Advanced Web Kung Fu
It includes also, several interesting appendixes (specially useful the 'cheat sheet' appendix).
A lot of simple case studies (of the kind 'Bob and Alice') are presented as well as some more technical analyses (Code Red, Nimda etc.)
If I were to select a book as a reference for a first course on web security, 'Web Hacking' would be my choise. Definitively.
Comment 31 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
This book has a wealth of information on the subject of Web Hacking. As an administrator responsible for the well-being of various web servers, it is important for me to keep up with the vulnerabilities and know the tactics of crackers, and this book filled me in with more than enough knowledge.
The book starts out with good introduction on the topic of web languages, and leads you to various topics such as finding and exploiting buffer overflows. There is a _lot_ of ground covered in this book including databases, cracking tools, SQL code injection, countermeasures, etc.
If you are responsible for any host sitting on the internet, this is your bible.
Comment 17 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
Web Hacking, Attacks and Defense by Stuart McClure, Saumil Shah and Shreeraj Shah is an excellent introductory level book to the world of web hacking. If you are a seasoned professional you will also enjoy having this book in your collection, as it is an excellent resource book.
Ever wonder how anyone can enter a web site and see more than what's presented? With a clear understanding of the protocols, web languages, an understanding of the processes behind e commerce and a bit of historical knowledge you too can hack a web site, and wind up on the FBI's most wanted list. But by the same token, a little bit of knowledge is a powerful thing, with the information presented here you can easily get started on the road to keeping the hackers out, and damage to a minimum if they do get in.
The chapters are clearly laid out, and include code with explanations of the weaknesses, referrals to more in depth study, precautionary measures you can take to help secure your site and a look at the various tools available to harden your site.
IIS and Apache are reviewed, along with Oracle and SQL Server to show some of the more popular Web Servers and Databases, how they work, are exploited and ways to harden them against attack. The protocols used by the web, web programming languages, and an explanation of how a browser interprets commands are graphically laid out with examples presented. It would be hard to come away from this book with out an understanding of the concepts, as they are so clearly defined.
Everything from setting a common understanding of terms to basic E Commerce concepts to unraveling Code Red and a truly unique presentation of IDS (Intrusion Detection Systems) is presented and well worth the time it takes to read.
Comment 12 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
During the last several years we have seen a sharp rise in the number of methods employed to hack into computer systems worldwide. The frequency of such attacks is alarming and the consequences are staggering. Clever minds, basic computer and programming skills, and knowledge of system exploits coupled with the intent to cause harm of one kind or another is a hard combination to beat.
Stuart McClure, Saumil Shah, and Shreeraj Shah have written Web Hacking: Attacks and Defense to provide solid insight into the very strategies involved to successfully hack into vulnerable computer systems. This book features extensive coverage of popular and lesser known exploits that allows successful hacking to take place. Readers will read up on them, they can actually challenge them - hopefully against their own systems, and they can prepare their own strategies to counter possible future hacking attempts against their own systems.
I was truly amazed as I read one system exploit after another - it seemed so easy for people to go hacking these days. Case studies were intriguing - Website defacement, intercepting and deleting e-mail messages, determining passwords, stealing identities, shopping cart shoplifting, credit card fraud, and more. I easily concluded that just about anyone with basic programming skills could have a serious go at hacking into a computer system if armed with the information provided in this book.
The authors walk readers through actual hacking processes using programming code lines, screen shots, graphical diagram analysis, and they discuss in plain English how hacking attempts and other forms of mischief takes place. In short - readers are put in the hacker's seat and shown how to do it.
Read more ›
Comment 12 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Recent Customer Reviews

Set up an Amazon Giveaway

Web Hacking: Attacks and Defense
Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway
This item: Web Hacking: Attacks and Defense

Pages with Related Products. See and discover other items: computer security