Buy new:

$57.50

RRP: $82.95

Save: $25.45 (31%)

In stock.

[{"displayPrice":"$57.50","priceAmount":57.50,"currencySymbol":"$","integerValue":"57","decimalSeparator":".","fractionalValue":"50","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"d2fsig8FMbinn1LgiFDawstVsesBY4fY6pG2MeMeCbdh%2BYklunyNZsb1N8tnNm3wTdWn9WqTK5MXJnmc8HTN0le%2BvLda63jffkJ%2FTx%2BZqSRMuoP%2FKoTaQY8Wz4v383nqlPhxXgf9lBWaNbc5TSFypTQKXSmFoEO9","locale":"en-AU","buyingOptionType":"NEW"}]

$$57.50 () Includes selected options. Includes initial monthly payment and selected options. Details

Secure transaction

Ships from

Amazon AU

Sold by

Amazon AU

Details

Ships from

Amazon AU

Sold by

Amazon AU

Add a gift receipt for easy returns

Share <Embed>

Other Sellers on Amazon

Added

Not added

$68.75
& FREE Delivery

Sold by: BuyGlobal

Added

Not added

$67.32
+ $3.00 Delivery

Sold by: Book Depository UK

Added

Not added

$70.33
& FREE Delivery

Sold by: The Nile Australia

Flip to back Flip to front

Listen Playing... Paused You're listening to a sample of the Audible audio edition.
Learn more

See all 4 images

Follow the Author

Dafydd Stuttard

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws Paperback – Illustrated, 9 September 2011

by Dafydd Stuttard (Author), Marcus Pinto (Author)

811 ratings

Edition: 2^nd

See all formats and editions

Amazon Price

New from

Used from

Kindle

"Please retry"

$52.24

—

Paperback, Illustrated

"Please retry"

$57.50

—

Enhance your purchase

The highly successful security book returns with a new edition, completely updated

Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.

Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks

Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.

ISBN-10

1118026470
ISBN-13

978-1118026472
Edition

2
Publisher

Wiley
Publication date

9 September 2011
Language

English
Dimensions

18.8 x 5.08 x 23.11 cm
Print length

912 pages
See all details

New children's books bundles!

Book bundles for children's growth and development. Shop now

Frequently bought together

+
+

Total Price:

To see our price, add these items to your cart.

Some of these items dispatch sooner than the others.

Show details Hide details

Choose items to buy together.

by Dafydd Stuttard Paperback
$57.50
In stock.
Ships from and sold by Amazon AU.
by Peter Kim Paperback
$42.83
In stock.
Ships from and sold by Amazon AU.
by Jon Erickson Paperback
$57.64
Only 4 left in stock (more on the way).
Ships from and sold by Amazon AU.

GEORGIA WEIDMAN
482
Paperback
12 offers from $21.43
Tim Arnold
297
Paperback
13 offers from $45.45
Peter Kim
831
Paperback
12 offers from $23.83
Vickie Li
75
Paperback
17 offers from $58.12
Jon Erickson
1,134
Paperback
16 offers from $56.01
Ben Clark
2,931
Paperback
9 offers from $21.14

From the Publisher

Product description

From the Publisher

DAFYDD STUTTARD is an independent security consultant, author, and software developer specializing in penetration testing of web applications and compiled software. Under the alias PortSwigger, Dafydd created the popular Burp Suite of hacking tools.

MARCUS PINTO delivers security consultancy and training on web application attack and defense to leading global organizations in the financial, government, telecom, gaming, and retail sectors.
The authors cofounded MDSec, a consulting company that provides training in attack and defense-based security.

From the Inside Flap

New technologies. New attack techniques. Start hacking.

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This book shows you how they do it.

This fully updated edition contains the very latest attack techniques and countermeasures, showing you how to break into today's complex and highly functional applications. Roll up your sleeves and dig in.

Discover how cloud architectures and social networking have added exploitable attack surfaces to applications
Leverage the latest HTML features to deliver powerful cross-site scripting attacks
Deliver new injection exploits, including XML external entity and HTTP parameter pollution attacks
Learn how to break encrypted session tokens and other sensitive data found in cloud services
Discover how technologies like HTML5, REST, CSS and JSON can be exploited to attack applications and compromise users
Learn new techniques for automating attacksand dealing with CAPTCHAs and cross-site request forgery tokens
Steal sensitive data across domains using seemingly harmless application functions and new browser features

Find help and resources at http://mdsec.net/wahh

Source code for some of the scripts in the book
Links to tools and other resources
A checklist of tasks involved in most attacks
Answers to the questions posed in each chapter
Hundreds of interactive vulnerability labs

From the Back Cover

New technologies. New attack techniques. Start hacking.

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This book shows you how they do it.

This fully updated edition contains the very latest attack techniques and countermeasures, showing you how to break into today's complex and highly functional applications. Roll up your sleeves and dig in.

Discover how cloud architectures and social networking have added exploitable attack surfaces to applications
Leverage the latest HTML features to deliver powerful cross-site scripting attacks
Deliver new injection exploits, including XML external entity and HTTP parameter pollution attacks
Learn how to break encrypted session tokens and other sensitive data found in cloud services
Discover how technologies like HTML5, REST, CSS and JSON can be exploited to attack applications and compromise users
Learn new techniques for automating attacksand dealing with CAPTCHAs and cross-site request forgery tokens
Steal sensitive data across domains using seemingly harmless application functions and new browser features

Find help and resources at http://mdsec.net/wahh

Source code for some of the scripts in the book
Links to tools and other resources
A checklist of tasks involved in most attacks
Answers to the questions posed in each chapter
Hundreds of interactive vulnerability labs

About the Author

DAFYDD STUTTARD is an independent security consultant, author, and software developer specializing in penetration testing of web applications and compiled software. Under the alias PortSwigger, Dafydd created the popular Burp Suite of hacking tools.

MARCUS PINTO delivers security consultancy and training on web application attack and defense to leading global organizations in the financial, government, telecom, gaming, and retail sectors.
The authors cofounded MDSec, a consulting company that provides training in attack and defense-based security.

Start reading The Web Application Hacker's Handbook on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Product details

Publisher ‏ : ‎ Wiley; 2 edition (9 September 2011)
Language ‏ : ‎ English
Paperback ‏ : ‎ 912 pages
ISBN-10 ‏ : ‎ 1118026470
ISBN-13 ‏ : ‎ 978-1118026472
Dimensions ‏ : ‎ 18.8 x 5.08 x 23.11 cm

Best Sellers Rank: 56,486 in Books (See Top 100 in Books)
- 71 in Online Privacy & Safety
- 78 in Network Security
- 86 in Computer Hacking

Customer Reviews:
811 ratings

About the author

Follow authors to get new release updates, plus improved recommendations.

Dafydd Stuttard

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Discover more of the author’s books, see similar authors, read author blogs, and more

Customer reviews

5 star		76%
4 star		13%
3 star		6%
2 star		2%
1 star		3%

How are ratings calculated?

Review this product

Write a customer review

Top review from Australia

There was a problem filtering reviews right now. Please try again later.

Dharmesh Kemkar

A must have for every web developer

Reviewed in Australia on 11 August 2019

Verified Purchase

Excellent, in-depth content. Easy to understand language and a wealth of quality topics.

Helpful

Top reviews from other countries

Marcus

Accessible, informative and relevant despite the age

Reviewed in the United Kingdom on 3 November 2021

Verified Purchase

Other reviewers have said that this book is best used as a reference, they say not to read this ~700 page book cover-to-cover. I read this cover to cover.

While on a first read-through it was not possible to take everything in, I found this to be highly accessible for a technical book. The writing style was quite casual. Examples are made from an informed perspective and relevant background for every exploit was presented in an understandable way.

This is not a "cook-book" of ready to use exploits, but more an explanation of the mind-set required to develop your own exploits and a presentation of the background to specific circumstances that allow such exploits.

I have to say that this is an old book considering the pace of technological advancement and reference is made to deprecated technologies such as Flash and Silverlight, but as a primer, a historical snapshot and an introduction to the mind-set required to effectively use exploits in general, this was a very good read.

Don't expect to sit down and have an easy time, this is a technical book and I found it challenging in this respect, but I am extremely glad I decided to purchase this book and read it cover-to-cover.

I would say this book is best read while dividing time with more current resources such as the Portswigger Academy, labs provided by sites such as TryHackMe, etc.

Dafydd Stuttard, one of the authors, is the core developer of BurpSuite (by Portswigger), and reading this summary of the web hacking landscape has given me a new perspective on this world-leading application.

I would strongly recommend this to anyone interested in web hacking specifically, but also hacking in general.

One person found this helpful

Calvin Gates

A good reference

Reviewed in the United Kingdom on 15 January 2019

Verified Purchase

I find this book to be a good reference. As a beginner pen-tester, i'm learning the ropes and this book makes sense in some parts and doesn't make sense in others. It's probably because it's huge - with so many pages, it's aiming to take care of so many topics and cover subject matter for both newbie pen-testers and experienced pen-testers.

I think as time goes on, the book will become even more useful for me. For the price and the staggering amount of detail and information, it's a no-brainer. This is basically a fantastic reference book and knowledge-base for anyone who is serious about digital security.

3 people found this helpful

TKO464

A timeless and definitive guide on web application security

Reviewed in the United Kingdom on 5 May 2021

Verified Purchase

This is the definitive guide on attacking and defending web applications. Anyone looking to enter the field of security consulting can't do much better than reading this book cover to cover. It is, admittedly, a long read at over 900 pages, and not one that I think people could or should sit down and push through quickly. Although the book is a few years old now, most of the content is still very much relevant to today's web applications and it is absolutely recommended for anyone looking to get a better idea of web application security, particularly those who haven't had a background in the security field.

M. SMITH

Much more than SQL Injection and XSS

Reviewed in the United Kingdom on 18 December 2011

Verified Purchase

I read this book in preparation for the Live Course which was presented by Marcus.

While reading the book i found it was quite dry because i was not doing the practical excersises available online. As you have to pay for them i wasn't sure if it would be worth it. With hindsight after doing the course i would highly recommend using them. It will make the content a lot more interesting but also teach a key skill which the book doesn't:

The key to most pen testing and vulnerability research is persistence and logical thinking. It is very well to think you know how a certain bug works but it can still be quite a challenge to actually implement it.

I feel very lucky to have been able to attend the live course for hands on help from the authors but you can definitely get all the information and practice you need purely from the book and the website. Its a shame that there isn't a couple of hours of practical time included when you buy the book.

It is very well written and covers all the areas you would expect. A lot of the old school web bugs explained such as SQL injection and less common now because of better programming practices and interfaces. Later chapters in the book such as the methodologies and logic flaw errors are timeless.

The book also provides real world solutions and mitigation's for the attacks described so this is highly recommended for anyone who develops web applications swell as people who carry out penetration testing on them.

While this may not be the best book ever written i think it definitively describes the topic therefore i have given it 5 stars.

7 people found this helpful

Amazon Customer

Highly recommend!!

Reviewed in the United Kingdom on 4 July 2022

Verified Purchase

Obviously web applications are not exactly the same as when the book was written but the principles and the logic of hacking them are still the same. Have learned tons already and I'm only 100 pages in

See all reviews

Buy new:

$57.50

Recommended Retail Price (RRP)

Other Sellers on Amazon

Follow the Author

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws Paperback – Illustrated, 9 September 2011

Enhance your purchase

Frequently bought together

Customers who viewed this item also viewed

From the Publisher

Product description

From the Publisher

From the Inside Flap

From the Back Cover

About the Author

Product details

About the author

Dafydd Stuttard

Customer reviews

Review this product

Top review from Australia

There was a problem filtering reviews right now. Please try again later.

Top reviews from other countries

Buy new: $57.50

Recommended Retail Price (RRP)

Other Sellers on Amazon

Follow the Author

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws Paperback – Illustrated, 9 September 2011

Enhance your purchase

Frequently bought together

Customers who viewed this item also viewed

From the Publisher

Product description

From the Publisher

From the Inside Flap

From the Back Cover

About the Author

Product details

About the author

Dafydd Stuttard

Customer reviews

Review this product

Top review from Australia

There was a problem filtering reviews right now. Please try again later.

Top reviews from other countries

Buy new:

$57.50