Web Hacking: Attacks and Defense

List Price: $49.99
Your Price: $34.99

Rating: 5 stars
Summary: If you are responsible for a web site, get this book
Review: This no-fluff book weighs in at just under 500 pages that are guaranteed to quell any feelings of complacency you may have about the safety of your website. One of the gnawing concerns I live with is that my website will be hacked. I can't say this book made me feel better about that fear, but it brought to light a number of things to talk to my people about. Using real-world examples, it explains the kinds of openings hackers look for, and the ways they exploit those openings to do their damage. In some senses, this book is not just a warning, it is also a how-to for Internet security.

The general premise of this book is that no one is safe from attack, and if you're not already a victim, that's only a matter of your good luck so far. Read this book. Study it carefully. Keep it on the nearest, most convenient bookshelf. New kinds of attacks are being developed all the time. But this book will prepare you for what's out there so far, and give you some insight into the kinds of things to watch for in the future.

Rating: 5 stars
Summary: Grab a cup of "joe" curl up in a comfy place and get ready f
Review: Web Hacking, Attacks and Defense by Stuart McClure, Saumil Shah and Shreeraj Shah is an excellent introductory level book to the world of web hacking. If you are a seasoned professional you will also enjoy having this book in your collection, as it is an excellent resource book.

Ever wonder how anyone can enter a web site and see more than what's presented? With a clear understanding of the protocols, web languages, an understanding of the processes behind e commerce and a bit of historical knowledge you too can hack a web site, and wind up on the FBI's most wanted list. But by the same token, a little bit of knowledge is a powerful thing, with the information presented here you can easily get started on the road to keeping the hackers out, and damage to a minimum if they do get in.

The chapters are clearly laid out, and include code with explanations of the weaknesses, referrals to more in depth study, precautionary measures you can take to help secure your site and a look at the various tools available to harden your site.

IIS and Apache are reviewed, along with Oracle and SQL Server to show some of the more popular Web Servers and Databases, how they work, are exploited and ways to harden them against attack. The protocols used by the web, web programming languages, and an explanation of how a browser interprets commands are graphically laid out with examples presented. It would be hard to come away from this book without an understanding of the concepts, as they are so clearly defined.

Everything from setting a common understanding of terms to basic E Commerce concepts to unraveling Code Red and a truly unique presentation of IDS (Intrusion Detection Systems) is presented and well worth the time it takes to read.

Enjoy!

Rating: 4 stars
Summary: Excellent book on web security
Review: Web Hacking: Attacks and Defense is quite similar to 'Hacking Exposed Web Applications' by Joel Scambray & Mike Shema.

Both Hacking Exposed Web Applications and Web Hacking: Attacks and Defense will clearly open one's eyes to the risks of web hacking. Forgetting for a minute the myriad vulnerabilities that affect many software products (including Windows, Apache, ColdFusion, and more), both books show how poorly written software, and misconfigured web servers make the penetration of web servers child's play.

Both books provide step-by-step instructions in an easy to read style for hardening web servers against attack. For those that have read previous and are comfortable with books in the Hacking Exposed series, Hacking Exposed Web Applications uses the same easy to read and well organized style. Web Hacking: Attacks and Defense has almost the same amount of content, but is written in a slightly more technical manner.

Both books clearly explain how hackers gather information, acquire targets, gain control, and afterwards cover their tracks. Anyone interested in ensuring their web servers are secured should definitely read these books.

Both books have a lot of value even for those who are not so security conscious. For those with an interest in security, one's eyes will be opened to the myriad places where vulnerabilities lie, from software, to scripts, mark-up files, and more. Anyone concerned with web server security should definitely read these books, or at least ensure their system administrators do.

Rating: 4 stars
Summary: Good Overview Of Attacks & Defense
Review: Web Hacking: Attacks and Defense is quite similar to 'Hacking Exposed Web Applications' by Joel Scambray & Mike Shema.

Both Hacking Exposed Web Applications and Web Hacking: Attacks and Defense will clearly open one's eyes to the risks of web hacking. Forgetting for a minute the myriad vulnerabilities that affect many software products (including Windows, Apache, ColdFusion, and more), both books show how poorly written software, and misconfigured web servers make the penetration of web servers child's play.

Both books provide step-by-step instructions in an easy to read style for hardening web servers against attack. For those that have read previous and are comfortable with books in the Hacking Exposed series, Hacking Exposed Web Applications uses the same easy to read and well organized style. Web Hacking: Attacks and Defense has almost the same amount of content, but is written in a slightly more technical manner.

Both books clearly explain how hackers gather information, acquire targets, gain control, and afterwards cover their tracks. Anyone interested in ensuring their web servers are secured should definitely read these books.

Both books have a lot of value even for those who are not so security conscious. For those with an interest in security, one's eyes will be opened to the myriad places where vulnerabilities lie, from software, to scripts, mark-up files, and more. Anyone concerned with web server security should definitely read these books, or at least ensure their system administrators do.

Rating: 4 stars
Summary: Entertaining and educational
Review: Web services infrastructure for electronic commerce. So hard to build,
even harder to secure. With this great book, it is sooo easy to
subvert, destroy, corrupt and otherwise blast it to really small
pieces. Rival the glory of Mr Lamo with just the book and the web
browser!

Humor aside, the new book is a valuable resource for security
professionals. Like other awesome books written by the Foundstone folks,
it provides a wealth of often exclusive information on the new and
dangerous security domain - web application and services hacking.

Amazingly, I believe the book will also help web developers to
understand the implications of their actions and design decisions. It
is indeed hard to write a book that appeals to both the "in-the-know"
crowd and the more general populace, but Stuart McClure's team managed to
succeed at that.

An important advantage of this book is the detailed review of modern
web technologies. From HTML and XML feature summary to web application
architectures the book covers many web commerce and web services
components on front end, back end and middle tier. Moreover, security
implications are emphasized for every outlined feature and technology.

Starting from Java and HTML primers, the book unfolds its exciting
story all the way to SQL injection and IDS evasion via Unicode and
SSL. The detailed coverage of web reconnaissance techniques such as
URL and page headers fingerprinting and site linkage analysis is
provided. Another cool information gathering technique is eliciting
error messages from back end web applications for their identification
and penetration. Truncated URLs, invalid resource requests and
parameter tampering have a chance to produce an elusive and
informational message from the applications and databases.

Case studies, while reminiscent of bad comic books (such as the one
about a bad Russian hacker, Boris), do serve to illustrate the web
hacking concepts and are quite informational.

Web defacers and ID thieves will also pick up a lesson or two from the
authors. Several techniques for subverting web applications into
uploading your own content and stealing access credentials (such as
cookies) are covered in the book, often with an excruciating level of
detail.

Every self-respecting web hacker should be able to keep up with their
adversaries by reading their email. Several tricks for hacking web
mail systems are also shared by the authors.

Overall, my impression is that the book is not as brilliantly written
as previous Foundstone titles. However, this is understandable since
it is very hard to beat such masterpieces as "Incident Response" and
"Hacking Exposed". It is a definite "must get!" While providing many
defense methods and "best practice" designs, the book is stronger on
the attack side.

Anton Chuvakin, Ph.D., GCIA is a Senior
Security Analyst with a major information security company. His areas
of infosec expertise include intrusion detection, UNIX security,
honeypots, etc. In his spare time he maintains his security portal




© 2004, ReviewFocus or its affiliates