Web Hacker Boot Camp

Some of the most serious security flaws on the Internet today are application-layer flaws in custom web applications. Such vulnerabilities undermine all other system hardening efforts. While techniques to exploit application-layer flaws are common among hackers, most security professionals have little experience with them.

This book is a self-paced training guide that will help security professionals and web developers understand how many application-layer attacks work. Through hands-on, step-by-step exercises readers get to see first hand how hackers pull off a variety of attacks, such as SQL Injection, Session Hijacking, OS Command Injection, Cross-Site Scripting and Parameter Tampering.

Additionally, the book features:

* Explanation of how HTTP based applications really work
* The Web Hacker’s Toolbox showing you the tools you need and how to use them, including extensive coverage of Paros, the open source proxy tool
* A systematic, repeatable process for examining web applications for security flaws even if you don’t have the source code

Available on this book’s download site:

* MasterBugs – a functional, real-world web application, used throughout the book
* StealthVNC – a modification of the open-source VNC software used by the author to demonstrate how to assume full, graphical remote control of a target after exploiting various application-layer flaws
* ZombieVM – a Linux virtual machine (for VMWare) with software containing flaws examined in the book

Isn’t it about time you caught up with the hackers?