Features
- Cover Type: Paperback with 236 pages
- Published by: MasterMind Press, March 10, 2006
- ISBN 10 Number: 097684091X
- ISBN 13 Number: 978-0976840916
- Book Dimensions: 9 x 7.3 x 0.8 inches
- Weighs: 13.6 ounces
Product Description
Some of the most serious security flaws on the Internet today are application-layer flaws in custom web applications. Such vulnerabilities undermine all other system hardening efforts. While techniques to exploit application-layer flaws are common among hackers, most security professionals have little experience with them.
This book is a self-paced training guide that will help security professionals and web developers understand how many application-layer attacks work. Through hands-on, step-by-step exercises readers get to see first hand how hackers pull off a variety of attacks, such as SQL Injection, Session Hijacking, OS Command Injection, Cross-Site Scripting and Parameter Tampering.
Additionally, the book features:
* Explanation of how HTTP-based applications really work
* The Web Hacker's Toolbox, showing you the tools you need and how to use them, including extensive coverage of Paros, the open source proxy tool
* A systematic, repeatable process for looking at web applications for security flaws even if you don't have the source code
Available on this book's download site:
* MasterBugs: a functional, real-world web application, used throughout the book
* StealthVNC: a modification of the open-source VNC software used by the author to demonstrate how to assume full, graphical remote control of a target after exploiting various application-layer flaws
* ZombieVM: a Linux virtual machine (for VMware) with software containing flaws examined in the book
Isn't it about time you caught up with the hackers?
About The Author
Gerald Quakenbush has more than 17 years' experience in information technology and information security. He has several certifications, including the CISSP and the NSA's IAM certification. He has worked for several years as a consultant performing application security assessments and audits. He is also a Certified Technical Trainer and conducts a two-day training program called Application Security Boot Camp, on which this book is based.
Reader Reviews
I'm a sales guy for an Internet Security firm, however, my co-workers call me "hybrid" because I'm too technical to be compared to the average sales guy and not technical enough to be a full-fledged engineer. So here's why I was pleasantly surprised by Web Hacker Boot Camp... I bought it because we have a product which specifically combats the type of hacking Quakenbush discusses. I expected to be fairly overwhelmed and just give the book to my Security Engineer. What I found was that I now understand my own product better after reading Quakenbush's book. There are parts that are too technical for me to be able to follow (the "good stuff") but there are many introductory portions that don't presume where you're starting from. It was written so that I wasn't insulted when being informed of something I already knew, but that took me places I'd also never gone before. Don't get me wrong... overall this is a technical book, however, it is valuable also to the dabbler, the hobby-interested, the student, and particularly to those working on products related specifically to web security. I highly recommend it to both the "geeks" and the "sales-pukes". If we all figured out how to communicate in this style, the customers of the world (which includes you and me when you think about it) would be much better served, and ultimately... safer.