Polyteknisk Boghandel

The book begins with some context-setting chapters describing the role and purpose of web applications, the core concepts, and the technologies commonly employed. The remaining bulk of the book consists of a practical guide to attacking and defending web applications. Organized around categories of vulnerability, the authors explain each using concrete examples of real-world vulnerabilities to highlight the problem - usually accompanied by a screenshot or code sample. The authors describe in detail the techniques which an attacker can use to identify and exploit the vulnerability, and the specific countermeasures which application developers and administrators can use to defend against these attacks. On most pages, the prose-based discussion is punctuated by practical steps relating to the attacks being discussed. Where relevant, the best hack tools for a particular task are described, and specific instructions are given for using them. The book concludes with some chapters describing practical techniques which do not fit neatly into a particular area of vulnerability, including application mapping, automation of bespoke attacks, and code review techniques. The authors also provide a unified web application hacker's toolkit and methodology, pulling together in one location a checklist-style summary all of the techniques described through the book.

Acknowledgments
Introduction.
Chapter 1 Web Application (In)security.
Chapter 2 Core Defense Mechanisms.
Chapter 3 Web Application Technologies.
Chapter 4 Mapping the Application.
Chapter 5 Bypassing Client-Side Controls.
Chapter 6 Attacking Authentication.
Chapter 7 Attacking Session Management.
Chapter 8 Attacking Access Controls.
Chapter 9 Injecting Code.
Chapter 10 Exploiting Path Traversal.
Chapter 11 Attacking Application Logic.
Chapter 12 Attacking Other Users.
Chapter 13 Automating Bespoke Attacks.
Chapter 14 Exploiting Information Disclosure.
Chapter 15 Attacking Compiled Applications.
Chapter 16 Attacking Application Architecture.
Chapter 17 Attacking the Web Server.
Chapter 18 Finding Vulnerabilities in Source Code.
Chapter 19 A Web Application Hacker's Toolkit.
Chapter 20 A Web Application Hacker's Methodology.
Index.