Book Released: Web Hacker Boot Camp

Web Hacker Boot Camp
by Gerald Quakenbush
ISBN: 097684071X, 236 pages, $39.95
Sample Chapter (PDF) - Downloads

Order from Amazon.com

Some of the most serious security flaws on the Internet today are application-layer flaws in custom web applications. Such vulnerabilities undermine all other system hardening efforts. While techniques to exploit application-layer flaws are common among hackers, most security professionals have little experience with them.

This book is a self-paced training guide that helps security professionals and web developers understand how many application-layer attacks work. Through hands-on, step-by-step exercises, readers see firsthand how hackers pull off a variety of attacks, such as SQL Injection, Session Hijacking, OS Command Injection, Cross-Site Scripting and Parameter Tampering.

Additionally, the book features:

  • Explanation of how HTTP-based applications really work
  • The Web Hacker's Toolbox showing you the tools you need and how to use them, including extensive coverage of Paros, the open source proxy tool
  • A systematic, repeatable process for examining web applications for security flaws even if you don't have the source code

Available on this book's download site:

  • MasterBugs - a functional, real-world web application, used throughout the book
  • StealthVNC - a modification of the open-source VNC software used by the author to demonstrate how to assume full, graphical remote control of a target after exploiting various application-layer flaws
  • ZombieVM - a Linux virtual machine (for VMware) with software containing the flaws examined in the book

Isn't it about time you caught up with the hackers?

Gerald Quakenbush has more than 17 years' experience in information technology and information security. He holds several certifications, including the CISSP and the NSA's IAM certification. He has worked for several years as a consultant performing application security assessments and audits. He is also a Certified Technical Trainer and conducts a two-day training program called Application Security Boot Camp, on which this book is based.