Item description for Web Hacking from the Inside Out by Michael Flenov...
Overview Provides information on technologies used to search for vulnerabilities on Web sites, how to write secure applications, and ways to achieve optimum Web security.
Publishers Description Covering new technologies used to search for vulnerabilities on websites from a hacker's point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security.
Promise Angels is dedicated to bringing you great books at great prices. Whether you read for entertainment, to learn, or for literacy - you will find what you want at promiseangels.com!
Est. Packaging Dimensions: Length: 0.75" Width: 7.5" Height: 9.25" Weight: 1.1 lbs.
Release Date Jan 1, 2007
Publisher A-List Publishing
ISBN 193176963X ISBN13 9781931769631
Availability 0 units.
More About Michael Flenov
Michael Flenov is a technical writer who specializes in C++ and Delphi programming, hacking, and code optimization. He has dealt with many issues related to SQL Server and Delphi, C++, and system programming, including CAD development, optimization techniques, code research, and database creation.
Reviews - What do customers think about Web Hacking from the Inside Out?
errors Mar 27, 2008
I am sitting in my college library and have been reading this book for about 5 minutes and have already found a huge error. When the author talks about safe file opening proceddures in php when using client inputed paramaters for a filename he suggests adding an extension to the end of the string before opening such as .fgfdfg so when an attacker attempts a string such as: ../../../../../../../../etc/passwd it will try to open the non existent file /etc/passwd.fgfdfg but any hacker worth his weight would just enter the string with a null bytesuch as: ../../etc/passwd%00 thus clipping the extension from the end. cause opening /etc/passwd\0.bsbs will open passwd
I havent read much more of the book but this huge error makes me want to put it back on the shelf. Overall, good for begginers I guess.... but theres better books out there and I wouldnt trust this one.
Thin on the good stuff Jul 5, 2007
While I found most of the information in this book to be valuable, and didn't find any errors, the types of attacks discussed seemed very lopsided. The author talks in great length about DOS attacks on websites as well as SQL injection and command injection by exploiting input validation errors, but only covers PHP, ASP, and to some degree Perl. The XSS discussion was only 7 pages, and authentication was only 5 pages! This book is a great starting place, but if you've got any experience with web security you might want to look elsewhere. Additionally the book provides demonstrations using only commercial software that the author wrote. This alone made me extremely suspicious. There were no significant examples or discussion of other tools for testing web applications for vulnerabilities.