Advance Praise for Web Security Testing Cookbook
“Paco and Ben understand and explain curl and HTTP concepts in an easygoing but yet
technical and exact way. They make this book a perfect guide to everyone who wants to
understand the ‘bricks’ that web apps consist of, and thus how those bricks can be security
tested.”
— Daniel Stenberg, author of cURL
“I love great food but I’m not a great cook. That’s why I depend on recipes. Recipes give
cooks like me good results quickly. They also give me a basis upon which to experiment,
learn, and improve. Web Security Testing Cookbook accomplishes the same thing for me as
a novice security tester.
The description of free tools including Firefox and its security testing extensions,
WebScarab, and a myriad of others got me started quickly. I appreciate the list, but even
more so, the warnings about the tools’ adverse effects if I’m not careful.
The explanation of encoding lifted the veil from those funny strings I see in URLs and
cookies.
As a tester, I’m familiar with choking applications with large files, but malicious XML
and ZIP files are the next generation. The “billion laughs” attack will become a classic.
As AJAX becomes more and more prevalent in web applications, the testing recipes
presented will be vital for all testers since there will be so many more potential security
loopholes in applications.
Great real-life examples throughout make the theory come alive and make the attacks
compelling.”
— Lee Copeland, Program Chair StarEast and StarWest Testing Conferences, and Author of
A Practitioner’s Guide to Software Test Design
“Testing web application security is often a time-consuming, repetitive, and unfortunately
all too often a manual process. It need not be, and this book gives you the keys to
simple, effective, and reusable techniques that help find issues before the hackers do.”
— Mike Andrews, Author of How to Break Web Software
“Finally, a plain-sense handbook for testers that teaches the mechanics of security testing.
Belying the usability of the ‘recipe’ approach, this book actually arms the tester to find
vulnerabilities that even some of the best known security tools can’t find.”
— Matt Fisher, Founder and CEO Piscis LLC
“If you’re wondering whether your organization has an application security problem,
there’s no more convincing proof than a few failed security tests. Paco and Ben get you
started with the best free web application security tools, including many from OWASP,
and their simple recipes are perfect for developers and testers alike.”
— Jeff Williams, CEO Aspect Security and OWASP Chair
“It doesn’t matter how good your programmers are, rigorous testing will always be part
of producing secure software. Hope and Walther steal web security testing back from the
L33T hax0rs and return it to the realm of the disciplined professional.”
— Brian Chess, Founder/Chief Scientist Fortify Software
Web Security Testing Cookbook™
Systematic Techniques to Find Problems Fast