Rating: 
Summary: Unsettling but necessary
Review: Like powerful medicine, the "Hacking Exposed" series of books are unsettling and unnerving, but ultimately required reading for anyone serious about Internet security. The Web Application installment of the series covers exploits related to client- and server-side applications, as well as database and Web service compromises. For beginners, the book includes a section on server hacking, complete with explanations of the "script kiddie" tools that are nonetheless powerful and potentially damaging. And naturally, much emphasis is placed on security best practices and specific techniques for blocking potentially devastating exploits.
Rating:
Summary: Yet Another Excellent Hacking Exposed book
Review: There is an unofficial time cycle called an ohnosecond, which is the amount of time between when you realize you left your keys in the car, and when the car door locks. While its frustrating paying the locksmith $100.00 to open the car door, it is also exasperating to the person paying the $100.00 that a good locksmith can open the car door in under a minute. While a car door is a entrance to one's automobile, web servers are portals to corporate intranets, e-commerce offerings, and much more. And while a locksmith or thief can open a car door in a minute, so too can adversaries often penetrate corporate web servers with similar ease. For those that don't accept the comparison, reading Hacking Exposed Web Applications will clearly open one's eyes. Forgetting for a minute the myriad vulnerabilities that effect many software products (including Windows, Apache, ColdFusion, and more), both books show how poorly written software, and misconfigured web servers make the penetration of web servers child's play. The book provides step-by-step instructions in a easy to read style for hardening web servers against attack. For those that have read previous and are comfortable with books in the Hacking Exposed serious, Hacking Exposed Web Applications uses the same easy to read and well organized style. The book has a lot of value even for those who are not so security conscious. For those with an interest in security, one's eyes will be open to the myriad places where vulnerabilities lie, from software, to scripts, mark-up files, and more. Anyone concerned with web server security should definitely read this title, or at least ensure their system administrators do. If not, think of your web servers as being Gone in 60 Seconds.
Rating:
Summary: Yet Another Excellent Hacking Exposed book
Review: There is an unofficial time cycle called an ohnosecond, which is the amount of time between when you realize you left your keys in the car, and when the car door locks. While its frustrating paying the locksmith $100.00 to open the car door, it is also exasperating to the person paying the $100.00 that a good locksmith can open the car door in under a minute. While a car door is a entrance to one's automobile, web servers are portals to corporate intranets, e-commerce offerings, and much more. And while a locksmith or thief can open a car door in a minute, so too can adversaries often penetrate corporate web servers with similar ease. For those that don't accept the comparison, reading Hacking Exposed Web Applications will clearly open one's eyes. Forgetting for a minute the myriad vulnerabilities that effect many software products (including Windows, Apache, ColdFusion, and more), both books show how poorly written software, and misconfigured web servers make the penetration of web servers child's play. The book provides step-by-step instructions in a easy to read style for hardening web servers against attack. For those that have read previous and are comfortable with books in the Hacking Exposed serious, Hacking Exposed Web Applications uses the same easy to read and well organized style. The book has a lot of value even for those who are not so security conscious. For those with an interest in security, one's eyes will be open to the myriad places where vulnerabilities lie, from software, to scripts, mark-up files, and more. Anyone concerned with web server security should definitely read this title, or at least ensure their system administrators do. If not, think of your web servers as being Gone in 60 Seconds.
Rating: 
Summary: Good read for (beginner-mid-level) security professionals
Review: You should read this book. If it teaches you nothing else, it'll teach you how much you're forgetting, how much you are missing and just don't think of. Whether you're a sysadmin, or a security engineer -- read the book, it's worth keeping in your library.
Rating:
Summary: Good read for (beginner-mid-level) security professionals
Review: You should read this book. If it teaches you nothing else, it'll teach you how much you're forgetting, how much you are missing and just don't think of. Whether you're a sysadmin, or a security engineer -- read the book, it's worth keeping in your library.
| 
