How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Book & CD

	List Price: $39.99 Computers-Internet Price: $26.39 Your Savings: $ 13.60 ( 34% ) Subject To Change Without Notice Availability: Usually ships in 24 hours Manufacturer: Addison-Wesley Professional
Average Customer Rating:
Binding: Paperback Dewey Decimal Number: 005.14 EAN: 9780321369444 ISBN: 0321369440 Label: Addison-Wesley Professional Manufacturer: Addison-Wesley Professional Number Of Items: 1 Number Of Pages: 240 Publication Date: 2006-02-12 Publisher: Addison-Wesley Professional Studio: Addison-Wesley Professional
Related Items How to Break Software Security How to Break Software: A Practical Guide to Testing W/CD The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws Testing Applications on the Web: Test Planning for Mobile and Internet-Based Systems, Second Edition Hacking Exposed Web Applications, 2nd Ed. (Hacking Exposed)
Editorial Reviews: Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grown into a commerce engine that is now omnipresent in all facets of our lifes. More websites are created daily and more applications are developed to allow users to learn, research, and purchase online. As a result, web development is often rushed, which increases the risk of attacks from hackers. Furthermore, the need for secure applications has to be balanced with the need for usability, performance, and reliability. In this book, Whittaker and Andrews demonstrate how rigorous web testing can help prevent and prepare for such attacks. They point out that methodical testing must include identifying threats and attack vectors to establish and then implement the appropriate testing techniques, manual or automated.
Spotlight customer reviews: Customer Rating: Summary: Great advice for software developers Comment: If your company has a web site, there are many people waiting to attack it and break into it. In How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, authors Mike Andrews and James Whittaker detail the myriad Web software exploits that attackers will attempt to carry out. The tools and techniques that can be used to fight against them are also detailed. The book also includes a companion CD that contains all of the source code referenced in the book in addition to a number of testing tools. The authors include software code from an insecure Web site, which helps the reader get a real-world feel for the topics involved. The authors conclude with a look at the last 50 years of software defects, showing that developers are not learning from the mistakes. The authors are of the opinion that software quality is no better today than it was decades ago. And in some cases, it is worse. The book helps drive home the importance of having developers think about writing secure code and testing it for flaws. It is a recommended read for IT professionals. Customer Rating: Summary: Short on content with too much padding Comment: I was disappointed in this book. The actual content was pretty thin, and not very well written. Chapter 1 is a complete waste of time, and actually spends pages explaining what client/server means, what the Web is, and other things that are patently obvious to the supposed audience for this material. I found myself turning to the front to see if this book was written in 1997! You then get nine fairly short chapters with instructions on how to hack a website, more or less; followed by 50 pages of useless padding in the appendices including: an unrelated article co-authored by Whittaker for the IEEE, a detailed list of all the bugs present in their "sample application," and then descriptions of their recommended tools, all of which can easily be found on the Web without paying $22 for this book. As another reviewer mentioned, there are many typos and other problems like incorrect illustrations, making the reader wonder if Addison-Wesley even employs a copy editor. Furthermore, I felt this book was inaccurately named and described. It's really more about rudimentary hacking and protecting your web application against hackers than web quality or web testing. A beginning web developer might do well to read this as a primer on how to create sites and applications with basic security, but as an experienced tester it was of limited use to me. Customer Rating: Summary: Wow! Comment: I've been programming for over 10 years and thought that I had encountered it all. Uh ya, I was wrong. I'm amazed that a person can work with something for so long and yet still miss simple things like URL jumping. This is a great 32,000 foot view of web security (not a how to hack book) and covers what you should know if you are a web developer. Even if you alredy "know it all" this is a great read and excellent reference for creating check lists on projects and threats they may be succeptable to. Customer Rating: Summary: Fast international delivery Comment: It was a good experience to purchase from Amazon and getting them delivered in India at my door-step. Order reached me ontime and is in good condition. Thanks, Samta Customer Rating: Summary: Very informative. If you develop web software it's a must-read Comment: I recently finished reading How to Break Web Software: Functional and Security Testing of Web Applications and Web Services by Mike Andrews and James A. Whittaker. I, like many of you, develop web software for a living. I've always taken security seriously and occasionally sneered when I ran across examples of common mistakes. Having said that, this book was an eye opener for me. The book covers common exploits such as bypassing input validation, SQL injection, and denial of service. There were also several types of attacks I hadn't really considered before. I won't list them here because someone would undoubtedly say, "I can't believe he didn't know about that one!" The authors cover 24 different types of attacks in all. The book also includes coverage of web privacy issues and security related to web services. Finally, as icing on the cake, a CD is included that contains many tools that will find permanent spots in your arsenal. There are tools to do things like scan web servers for common exploits, mirror sites for local analysis, and check SSL cipher strengths. My favorites are the local proxies that will allow you to view and modify posts as they travel from the client and the server. I always knew I could do this, but didn't know how easy it is. The CD also contains the source code of an example site that includes many flaws for you to practice. This book is written for software professionals to help them put the hackers out of business. So, it necessarily includes hacker techniques. If you develop or test web software, you should read this book before the hackers do. :-) More Reviews