
Customer Review

on July 20, 2007
XSS Attacks earns 4 stars for being the first book devoted to Cross Site Scripting and for rounding up multiple experts on the topic. The authors are synonymous with attacking Web applications and regularly share their vast expertise via their blogs and tools. However, XSS Attacks suffers the same problems found whenever Syngress rushes a book to print -- nonexistent editing and uneven content. I found XSS Attacks to be highly enlightening, but I expect a few other books on the topic arriving later this year could be better.

First, as Tadaka mentioned, ch 3 is the best written part of the book. In fact, the author of ch 3 should have written the entire book. There is a difference between an author of a tool, an author of a blog, and an author of a book. The author of ch 3 clearly knows how to make a clear argument over the course of a long stretch of pages (over 90) and carry the reader. Lucky for non-book-buyers, Syngress posted ch 3 for free on their Web site. You'll get a great foundation on XSS, and learn about CSRF and backdooring Flash and Quicktime.

In terms of readability, ch 2 wasn't bad. I liked trying out various Firefox extensions and the author's examples were good. I think ch 1 should be completely dropped. It mentions terms not defined until ch 2. The language is exceptionally rough, indicating zero editing was done. The DNS pinning examples in ch 5 were confusing; it doesn't help novice readers to discuss [...] and then use [...]. (I think that's an error.) I really didn't get as much from the book past ch 3 as I did from ch 3.

The major take-away from XSS Attacks is that one should never trust clients. Furthermore, far too many vulnerable capabilities exist in applications most people would never dream of fearing, like those that render .pdf or .swf. I really liked the point that browsers constantly interpret and "fix" broken HTML, sometimes to the detriment of the security world. I also liked reading how users can be duped by attacks against the integrity of data, such as adding or removing details of Web sites.

Right now, if you want to learn more about recent XSS attacks in printed form, this book is your main option. Last year I favorably reviewed Lance James' book, Phishing Exposed, which includes some of these techniques. Later this year one of the other book reviewers, Dafydd Stuttard, should be publishing The Web Application Hackers Handbook: Discovering and Exploiting Security Flaws. Syngress claims to be publishing Web Application Vulnerabilities: Detect, Exploit, Prevent by Steven Palmer in the fall. Hacking Exposed Web 2.0 by Himanshu Dwivedi is another option, but I find his security books to be poorly written. I highly recommend visiting the authors' blogs, since they cover a lot of the information in XSS Attacks.