Web Security Testing Cookbook

Millions of dollars are spent every year developing, testing, defending, and fixing web applications -- and, ultimately, web developers are blamed when something goes wrong. Web Security Testing Cookbook gives developers an inexpensive way to include testing as part of the development cycle. You'll find scores of recipes for testing web applications, from relatively simple solutions to complex ones that combine several solutions.

This practical book focuses on how to test web applications -- not what web security consists of or why developers should test. And, rather than IT security, the recipes address application software exclusively -- source code, business logic -- written, operated, and now tested by you. Each recipe in the book states the problem to be solved, the tools and techniques required, technical details involved, and examples.

Web Security Testing Cookbook also leverages free tools, and not only because they save you considerable expense. In security, perhaps more than in any other specialized discipline, the best tools tend to be free. The book offers recipes in four different sections to help you:

- Learn basic concepts to develop tests, and obtain and set up the tools you'll use
- Automate tools and scripts to test a web application in a systematic way
- Learn methods to bypass client-side input validation for various purposes, such as SQL injection, cross-site scripting, and manipulating hidden form fields
- Focus on the session by finding identifiers, analyzing how predictable they are, and manipulating them with tools

By following the recipes in this book, you can be reasonably sure that your application is not going to be one of the thousands that hackers compromise every day. They don't take the place of real penetration testing, but they will make sure your application is not a disaster waiting to happen.

Take the time to include security testing in the development cycle. Web Security Testing Cookbook will save you weeks of headaches and tons of money down the road. Who knows? This book might even save your job.

328 pages, Paperback

First published January 1, 2008

5 people are currently reading
61 people want to read

About the author

Paco Hope

7 books
Paco Hope is a Principal Consultant with Cigital, Inc. and has 12 years of experience in the security of gaming systems (lottery systems, online gaming, casino gaming devices), web applications, operating systems, and embedded devices (e.g., mobile phones, smart cards). As a consultant, his customers have included major banks in New York and London, online gambling firms worldwide, and numerous business-to-business software providers.

Paco's passion is making software secure and reliable. He believes that securing software is everyone's job, and everyone has a role to play—be they testers, developers, IT staff, or management.

Ratings & Reviews


Community Reviews

5 stars: 7 (18%)
4 stars: 7 (18%)
3 stars: 16 (43%)
2 stars: 6 (16%)
1 star: 1 (2%)
Displaying 1 - 3 of 3 reviews
27 reviews
December 26, 2009
seems alright... doesn't get too in-depth as it is basically a group of tools methods for detecting web vulnerabilities
Mostafa Siraj
28 reviews, 5 followers
May 19, 2015
Although the book is quite old, it has tons of useful information. Great book that has a lot of useful ready-to-use "hacking" scripts.