The Web Application Hacker's Handbook has just been published (in the US at
least - the rest of the world catches up shortly).
Co-authored by PortSwigger (creator of Burp), this book aims to be the most
deep and comprehensive general purpose guide to hacking web applications
that is currently available.
The book is highly practical in focus, and describes in detail the steps
involved in detecting and exploiting all kinds of web application security
flaws. The coverage is broad, from easy attacks like password guessing
through to advanced techniques like blind code injection, reversing
client-side components, and uncovering subtle logic flaws. Each topic is
illustrated using real-world examples, screen shots and code extracts.
In addition to specific vulnerabilities, the book describes numerous
techniques such as mapping an application's attack surface, leveraging
automation to speed up customised attacks, and finding security bugs in
source code. It also includes a comprehensive methodology for performing web
application penetration tests.
You can view the full table of contents and read some extracts from the book
here:
http://www.amazon.com/dp/0470170778
Cheers,
PortSwigger
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
