Hacking Exposed Web Applications: Web Application Security Secrets and Solutions, Third Edition

Hacking Exposed: Web Applications, Third Edition shows you how to meet the challenges of online security with the two-pronged "attack-countermeasure" approach. The Third Edition provides leading-edge updates to exploitation techniques, as well as new chapters covering industry-wide threats and countermeasures, such as web application hacking, phishing, and preventative website development practices.

This definitive guide is organized according to the internationally bestselling Hacking Exposed methodology, progressing from reconnaissance of the target through exploitation of common misconfigurations and software flaws. Anecdotes and personal experiences are interspersed throughout to reinforce the relevance and severity of specific vulnerabilities. Based on the author’s many years as a security professional hired to break into the world’s largest IT infrastructures, the techniques presented in this book will improve the security of online business.

Hacking Exposed: Web Applications, Third Edition

• Covers new web application and phishing techniques as well as best practices in preventing web attacks
• Includes new case studies and examples based on author’s expertise working with global clients
• Offers seasoned insight into the core security issues that plague online business platforms of all sizes
• Provides proven strategies to prevent, detect, and remediate common weaknesses and maintain rock-solid security for the long term

All-inclusive coverage:

Hacking Web Apps 101; Profiling; Hacking Web Platforms; Attacking Web Authentication; Attacking Session Management; Input Injection Attacks; Attacking XML Web Services; Attacking Web Application Development; Hacking Web Client; Full-Knowledge Analysis; Web Application Security Scanners; Web Site Security Checklist

About the Authors

Joel Scambray, CISSP, is a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform group to focus on security technology development. He has more than 15 years of information security experience, including senior management roles at Ernst & Young, co-founder of Foundstone, technical consultant for Fortune 500 enterprises, and co-author of the best-selling Hacking Exposed book series.

Mike Shema, is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit.

Caleb Sima, is the co-founder and CTO of SPI Dynamics, a web application security products company, and has more than 12 years of security experience. His pioneering efforts and expertise in web security have helped define the direction the web application security industry has taken. Caleb is a frequent speaker and expert resource for the press on Internet attacks and has been featured in the Associated Press. He is also a contributing author to various magazines and online columns. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).