What do you think?
Rate this book
Web Hacking 101
With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different.
Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:
HTML Injection
Cross site scripting (XSS)
Cross site request forgery (CSRF)
Open Redirects
Remote Code Execution (RCE)
Application Logic
and more...
Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.
Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:
HTML Injection
Cross site scripting (XSS)
Cross site request forgery (CSRF)
Open Redirects
Remote Code Execution (RCE)
Application Logic
and more...
Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.
216 pages, Kindle Edition
65 people are currently reading
481 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 12 of 12 reviews
Read
March 13, 2017No star rating - as this is not really a typical book - I'd rather call it a curated resource collection enriched with helpful comments ;)
Let's start with some NOTs:
* it's NOT a book to start learning about web security - there are some intro-level descriptions, but I doubt whether they'd be good enough to get through the content with actual understanding
* it's NOT a book that describes all the nuances of described vulnerabilities
* it's NOT a complete, full resource - actually each of described cases is just a beginning, a trigger, starting point to dig deeper
So what this book IS about then?
It IS about interesting, up-to-date (2015, 2016) cases of actual vulnerabilities found in several large services (all are named), categorised by vulnerability type, filled with meaty details (how problem was found, where was the actual issue - precisely, even how much was the bug bounty). Usually descriptions are detailed enough to make sense out of them (with very few exceptions) & circumstances are interesting enough to keep you reading.
Of course there is no "story" or any other kind of continuity - you can pick freely what you find interesting & read in any order you'd like. There are also few very brief "general" chapters on tools & general best practices in white-hat hacking: very elementary, but still nice to have them.
If you like the idea of such "collection" - feel free to grab it. It may be really interesting if you already are familiar with web security essentials.
Let's start with some NOTs:
* it's NOT a book to start learning about web security - there are some intro-level descriptions, but I doubt whether they'd be good enough to get through the content with actual understanding
* it's NOT a book that describes all the nuances of described vulnerabilities
* it's NOT a complete, full resource - actually each of described cases is just a beginning, a trigger, starting point to dig deeper
So what this book IS about then?
It IS about interesting, up-to-date (2015, 2016) cases of actual vulnerabilities found in several large services (all are named), categorised by vulnerability type, filled with meaty details (how problem was found, where was the actual issue - precisely, even how much was the bug bounty). Usually descriptions are detailed enough to make sense out of them (with very few exceptions) & circumstances are interesting enough to keep you reading.
Of course there is no "story" or any other kind of continuity - you can pick freely what you find interesting & read in any order you'd like. There are also few very brief "general" chapters on tools & general best practices in white-hat hacking: very elementary, but still nice to have them.
If you like the idea of such "collection" - feel free to grab it. It may be really interesting if you already are familiar with web security essentials.
December 29, 2016
It is a great book. The best part of it I guess are the resource part and the tools listed. Very helpful due to the shared real security issues and detailed information how they were exposed.
My only tip is - it is not so easy to grasp for people with just CSS and HTML knowledge, it takes a bit more.
So, knowledge in networking, at least couple of programming languages like Perl and Python, Bash for sure, JavaScript, knowledge of XML and HTTP is also required to get everything.
Is's still an awesome book.
My only tip is - it is not so easy to grasp for people with just CSS and HTML knowledge, it takes a bit more.
So, knowledge in networking, at least couple of programming languages like Perl and Python, Bash for sure, JavaScript, knowledge of XML and HTTP is also required to get everything.
Is's still an awesome book.
May 13, 2017
A perfect book for starting bug bounty researchers. Peter explains each vulnerability in a manner that a new person in the field can easily understand how the bug was found, exploited and possibly fixed. These specific explanations with detailed descriptions allows others to use same technique during their research.
June 8, 2020
I started and stopped reading web hacking 101 about 2 times before I decided to get it read. I like that web hacking 101 talks about vulnerabilities and then talks about examples of people finding them. Now all I have to is remember the vulnerabilities.
One of my favorite chapters is chapter 21 getting started where peter Yaworski talks about how to chose a target and how he gets started hacking a website.
I also enjoyed chapter 22 about vulnerability reports. I also liked chapter 22 about tools. And I also liked chapter 24 resources. So far I have only used nmap. I just installed zap so I have not used it much.
As I read further into web hacking 101 I got more excited about being an ethical hacker. I don't know if I will ever be able to become an ethical hacker. I have not found a bug yet but, I can see why people become ethical hackers.
I think reading web hacking 101 helped me learn more about websites. And I think it gave me good guidance on how to get started as an ethical hacker. I enjoyed reading it. I probably will need to read it or at least look thought it again.
One of my favorite chapters is chapter 21 getting started where peter Yaworski talks about how to chose a target and how he gets started hacking a website.
I also enjoyed chapter 22 about vulnerability reports. I also liked chapter 22 about tools. And I also liked chapter 24 resources. So far I have only used nmap. I just installed zap so I have not used it much.
As I read further into web hacking 101 I got more excited about being an ethical hacker. I don't know if I will ever be able to become an ethical hacker. I have not found a bug yet but, I can see why people become ethical hackers.
I think reading web hacking 101 helped me learn more about websites. And I think it gave me good guidance on how to get started as an ethical hacker. I enjoyed reading it. I probably will need to read it or at least look thought it again.
July 12, 2019
Great collection of vulnerability examples and how they've been found. Also it provides a ton of description about those vulnerabilities: what is it, how it can be exploited, what consequences. The list of tools and resources is just helpful by itself. But you can't use this as a guide to go cracking every website on your way and that's reasonable. Yet knowing what to look for is easier than just wandering around this bug-bounty world.
Read
October 17, 2019Its Really a great book.
May 3, 2020
A great intro to bug bounty hunting through real-life examples that are explained in an accessible manner
Read
May 17, 2020yjyjyj
This entire review has been hidden because of spoilers.
January 21, 2021
Excellent
May 8, 2022
good stuff
This entire review has been hidden because of spoilers.
September 13, 2025
How to read wtf
Displaying 1 - 12 of 12 reviews