webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/tools.html
If you do Web application security assessments, this page is for you. We've gathered all of the tools and techniques discussed in Hacking Exposed: Web Applications (that we use every day as consultants) and cataloged them here. This is an abbreviated recitation of Appendix B in the 2nd Edition, with live hyperlinks for easy access. Keep your eyes on this space as we post custom scripts and tools from the authors! Nish Bhalla's secret.dll and secret.htm are provided here. Free Web Security Scanning Tools.
webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/news.html
The authors will periodically post Web Application security items of note on this page (older items are in the Archive). 10/15/10 - Third Edition published! Hacking Exposed: Web Applications 3rd Edition. 02/27/08 - How Safe Are Your Private Pictures on the Net? Co-author Joel Scambray interviewed on Fox News Los Angeles television about web site security at services like Flickr, TinyPic, and Photobucket, where supposedly private videos and pictures have become exposed on the Internet. Rain at the Palms.
webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/reviews.html
Whether you are a business leader attempting to understand the threat space for your business, or an engineer tasked with writing the code for those sites, or a security engineer attempting to identify and mitigate the threats to your applications, this book will be an invaluable weapon in your arsenal. Chris Peterson, Senior Director of Application Security, Zynga Game Network; Former Director of Security Assurance, Microsoft Corporation. Chad Greene, Director, eBay Global Information Security. This bo...
webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/links.html
Each chapter in Hacking Exposed: Web Applications. See our Tools page. From Chapter 1: Hacking Web Apps 101. IE Extensions for HTTP Analysis. IE 5 Powertoys for WebDevs. Firefox Extensions for HTTP Analysis. Fiddler HTTP Debugging Proxy. Bayden Systems' sandbox online shopping application. Foundstone Hacme Bank and Hacme Books. RFC Index Search Engine. HTTP 1.0 RFC 1945. HTTP 1.1 RFC 2616. W3C HyperText Markup Language Home Page. Uniform Resource Identifiers (URI): Generic Syntax.
webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/contents.html
We've provided a brief overview of each chapter below. Check back frequently as we add more! 1: Hacking Web Apps 101. In this chapter, we take a 50,000-foot aerial view of web application hacking tools and techniques. Buckle your seatbelt, Dorothy, because Kansas is going bye-bye. 3: Hacking Web Platforms. 4: Attacking Web Authentication. 5: Attacking Web Authorization. 6: Input Injection Attacks. Brackets and quotes and dashes, oh my! 7: Attacking XML-Web Services. Don't drop the SOAP, because this chap...
webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/errata.html
As with any major undertaking on par with the complexity of Hacking Exposed: Web Applications, there are inevitably errors and omissions that occur. This page is dedicated to tracking the serious errors that affect our readers' experience with the book. The following are corrections to the 1st printing of Hacking Exposed: Web Applications. 1234567890 CUS CUS 0198765432. Each correction is listed by page number of the first printing on the far left. The NGSSoftware database tools link found on our Tools.
webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/authors.html
Is Managing Principal at Cigital, the leading software security company founded in 1992. He has assisted companies ranging from members of the Fortune 50 to newly minted startups with information security challenges and opportunities over a dozen years. In addition to Hacking Exposed Web Apps, Joel is co-author of Hacking Exposed: Network Security Secrets and Solutions. Joel can be reached at: [joel at webhackingexposed dot com]. About the Contributing Authors. About the Technical Editor.
webhackingexposed.com
Hacking Exposed - Web Applications
http://www.webhackingexposed.com/foreword.html
By Chris Peterson, August 2010. Senior Director of Application Security, Zynga Game Network. Former Director of Security Assurance, Microsoft Corporation. If ignorant of both your enemy and yourself, you are certain in every battle to be in peril. Sun Tzu, The Art of War.