The Web Application Hacker's Handbook by Dafydd Stuttard | Discovering and Exploiting Security Flaws | ISBN 9780470237984

The Web Application Hacker's Handbook

Discovering and Exploiting Security Flaws

by Dafydd Stuttard and Marcus Pinto
Contributors
Author: Dafydd Stuttard
Author: Marcus Pinto
Book cover: The Web Application Hacker's Handbook | Dafydd Stuttard | EAN 9780470237984 | ISBN 0-470-23798-8 | ISBN 978-0-470-23798-4
"If you have an interest in web application security, I would highly recommend picking up a copy of this book, especially if you're interested in being able to audit applications for vulnerabilities". --Robert Wesley McGrew, McGrew Security

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.
The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.