The evolution of the web is changing faster than most normal people can keep up with. New website applications are popping up online daily, most of which contain some important, and sometimes financial information which the company wants to display or sell. Most applications also contain information only ‘certain’ users can see in a secure area where you might have to pay to access, and only you are allowed to see.
This book describes many different ways in which the application can be used as a weapon against the company, allowing the ‘hacker’ to access restricted data, corrupt databases or bring down the server hosting the site.
Over the 13 chapters, this book describes all the common ways of attacking a website, from profiling the application to find out what OS and webserver it is running, or launching a full DDoS attack on the server.
After reading the book cover-to-cover, I am now aware of the dangers online and as a developer what my application must be able to withstand and block against. It also has information about the not-so common attacks, and various ways hackers attempt to break into websites – such as encoding the XSS attack to get around blacklists. The book also covers almost all languages and platforms, allowing everyone to have a good understanding. The code samples included are an excellent way to seeing for yourself the potential harm, and if you can’t see it – have it explain to you in the next paragraph of the book.
At the end of every chapter there is a “references and further reading” section, contains all the links to items discussed within the chapter. This ranges from Microsoft’s security alerts to PoC (Proof of Concept) applications and recommended applications to provide excellent additional reading.
At the very end of the book, there is a checklist to make sure your application is up-to scratch and secure.
I highly recommend this book to anyone who wants a good understanding of all the different ways in which web apps can be attacked. If you are currently developing applications (both internally and externally) I strongly recommend you having a read of this book – you never know, it might just save your application and confidential database from hackers.