|
Web Hacking from the Inside Out | 
| Author: Michael Flenov
Publisher: A-List Publishing
Category: Book
List Price: $39.95
Buy New: $23.10
You Save: $16.85 (42%)
New (18) Used (7) from $19.65
Avg. Customer Rating:  2 reviews
Sales Rank: 1471783
Media: Paperback
Number Of Items: 1
Pages: 300
Shipping Weight (lbs): 1.3
Dimensions (in): 9 x 7.4 x 0.8
ISBN: 193176963X
Dewey Decimal Number: 005.8
EAN: 9781931769631
ASIN: 193176963X
Publication Date: January 1, 2007
Availability: Usually ships in 1-2 business days
Shipping: Expedited shipping available
Shipping: International shipping available
Condition: Direct from the publisher;
|
| Similar Items:
|
| Editorial Reviews:
Product Description
Covering new technologies used to search for vulnerabilities on websites from a hacker's point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security.
|
| Customer Reviews:
 errors March 27, 2008
1 out of 1 found this review helpful
I am sitting in my college library and have been reading this book for about 5 minutes and have already found a huge error. When the author talks about safe file opening proceddures in php when using client inputed paramaters for a filename he suggests adding an extension to the end of the string before opening such as .fgfdfg so when an attacker attempts a string such as:
../../../../../../../../etc/passwd
it will try to open the non existent file /etc/passwd.fgfdfg
but any hacker worth his weight would just enter the string with a null bytesuch as:
../../etc/passwd%00
thus clipping the extension from the end. cause opening /etc/passwd\0.bsbs will open passwd
I havent read much more of the book but this huge error makes me want to put it back on the shelf. Overall, good for begginers I guess.... but theres better books out there and I wouldnt trust this one.
Peace
HexaTex
 Thin on the good stuff July 5, 2007
4 out of 4 found this review helpful
While I found most of the information in this book to be valuable, and didn't find any errors, the types of attacks discussed seemed very lopsided. The author talks in great length about DOS attacks on websites as well as SQL injection and command injection by exploiting input validation errors, but only covers PHP, ASP, and to some degree Perl. The XSS discussion was only 7 pages, and authentication was only 5 pages! This book is a great starting place, but if you've got any experience with web security you might want to look elsewhere. Additionally the book provides demonstrations using only commercial software that the author wrote. This alone made me extremely suspicious. There were no significant examples or discussion of other tools for testing web applications for vulnerabilities.
|
|
|
Copyright © 2007 Funny Prank Ideas | |
