Web Security Testing Cookbook
by HNS Staff - Tuesday, 13 January 2009.
Authors: Paco Hope, Ben Walther
Pages: 312
Publisher: O'Reilly
ISBN: 0596514832



Introduction

Buying furniture on eBay, selling childhood ZX Spectrum cassette tapes, doing online banking - every service we use is powered by a robust web application. With all the interaction with users, there are a number of ways that these apps can go wrong. "Web Security Testing Cookbook" is one of the latest books that will help developers spark some ideas on breaking and therefore fixing their web applications.

About the authors

Paco Hope is a Technical Manager at Cigital and co-author of Mastering FreeBSD and OpenBSD Security. Mr. Hope majored in Computer Science and English at The College of William and Mary and received an M.S. in Computer Science from the University of Virginia.

Ben Walther is a consultant at Cigital and contributor to the Edit Cookies tool. He has a hand in both normal Quality Assurance and Software Security. Mr. Walther has a B.S. in Information Science from Cornell University.

Inside the book

The book spreads on just over 250 pages and hosts around 150 recipes focusing on various aspects of web application hacking. Almost right after the introduction, you will understand the scope of practical information you will get out of this book. If you are not a pro in web application security assessment, most of the freeware tools the authors discuss early on will change the way you test your software apps. Out of all the tools mentioned, you could be amazed by how Mozilla Firefox and its plugins are powerful for doing all the grunt work.

Before an amusing chapter on different ways of tampering with various input mechanisms, authors provide an easy to follow tutorial on ways of data encoding usually used by web applications. They instruct the readers how to spot which encoding is in question, as well as how to use this kind of knowledge when assessing applications.

cURL is a quite popular command line tool for transferring files with URL syntax. The software is free and runs under a wide variety of operating systems, which makes it a perfect tool for diverse duties of a security aware developer. Here you will learn how to make cURL do cross site scripting and directory traversal checks, manipulate cookies, impersonating other web clients and more. The next chapter has a similar structure, but the focus is on Perl. As you probably already know, Perl is very handy for any kind of "communication" with Web interfaces and there are 13 Perl specific recipes to enjoy in.

The book ends with a couple of chapters on attacking AJAX, manipulating sessions and utilizing your just acquired knowledge for creating more advanced web application testing methods.

Final thoughts

With the ongoing evolution of the World Wide Web, importance of having stable and secure web applications is on an all time high. Aimed for web developers and software testers, this cookbook provides a wealth of ideas on mangling with web applications - the hands-on way.



Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //