---
product_id: 76753790
title: "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws"
price: "NZ$11"
currency: NZD
in_stock: false
reviews_count: 13
url: https://www.desertcart.nz/products/76753790-the-web-application-hackers-handbook-discovering-and-exploiting-security-flaws
store_origin: NZ
region: New Zealand
---

# The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

**Price:** NZ$11
**Availability:** ❌ Out of Stock

## Quick Answers

- **What is this?** The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
- **How much does it cost?** NZ$11 with free shipping
- **Is it available?** Currently out of stock
- **Where can I buy it?** [www.desertcart.nz](https://www.desertcart.nz/products/76753790-the-web-application-hackers-handbook-discovering-and-exploiting-security-flaws)

## Best For

- Customers looking for quality international products

## Why This Product

- Free international shipping included
- Worldwide delivery with tracking
- 15-day hassle-free returns

## Description

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.

## Technical Specifications

| Specification | Value |
|---------------|-------|
| Best Sellers Rank | #755,276 in Books; #321 in Computer Hacking; #380 in Privacy & Online Safety; #928 in Internet & Telecommunications |
| Customer Reviews | 4.5 out of 5 stars 62 Reviews |

## Images

![The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws - Image 1](https://m.media-amazon.com/images/I/614xwfIg1DL.jpg)

## Customer Reviews

### ⭐⭐⭐⭐⭐ An excellent thorough resource for web application security
*by B***M on January 20, 2008*

This is a great read for anyone interested in the security of modern web applications. It covers the hacking process from mapping the attack surface to exploiting input validation, access control, session management, and authentication vulnerabilities using real-world examples and diagrams. There is an in-depth 100-page chapter on injecting code (e.g. SQL, OS, script, etc. injection) and a 95-page chapter on attacking other users (e.g. XSS, request forgery, etc. attacks). There is information about bypassing common sanitization techniques in cases where user input is sanitized. The book also covers how to write your own scripts to automate complex attacks. At the end of each section are the steps necessary to defend your application against the attacks that were described, with an emphasis on "defense-in-depth": an approach where one tries to prevent the compromise of the whole application even if one component of it is already compromised. This book is extremely up to date with its coverage of new AJAX and XSS-type attacks while still covering the relatively old vulnerabilities like buffer overflows and SQL injections. The authors are both professional penetration testers, which gives them credibility over the information they provide in this book, and one of them is the author of the excellent free web application hacking tool called Burp Suite. I would recommend this book to anyone that has a basic knowledge of how the Web works (HTTP, JavaScript, cookies, HTML, and the basics of a programming language like PHP or Java), although you could learn these technologies as you are reading the book, which would take some more time.

### ⭐⭐⭐⭐⭐ One of the best out there
*by N***K on March 23, 2012*

I bought this book over a year ago and never got around to reviewing it. I am really disappointed by the quality of many of the security books I have read since then, so feel compelled to go back and review this to give the authors the credit they deserve. There seems to be a flourishing industry in rushing out woeful security books that make lofty claims and are little more than brief summaries of "what" tools are with absolutely no "how", "why" or any signs of original thinking. Looking at the perfect 5 scores that many of these offenders receive, I am highly suspicious that authors/publishers are gaming the system and getting their mates to pile on positive reviews. (You will need to take the 5 I award this book with a large grain of salt and do your own research to form your own opinion). Anyway, enough ranting about the state of the industry and on to this book. I have a large bookshelf of security books - many in pristine condition. This one is well worn and dog-eared as it gets a lot of use. It works equally well read from cover to cover and as a future reference. Read in sequence, it is logical and introduces concepts in layers that build understanding on various topics. The chapter breakdown is also very well thought through - attacking client-side controls, authentication schemes, session management, code injection etc. As a reference, it provides thorough coverage describing how a class of exploit works, ways of exploiting it and ways of defending it. The coverage on XSS is the best I have seen in any one reference (you can certainly find all of the info on the net, but this book will save you a lot of time). I just noticed that there is a v2 of this book. Assuming it is the same quality as the original, I would recommend that as this is now a little dated. That said, I see many of the flaws covered in this book are still highly relevant today, but the tools have moved on a bit since then. If however you bought v1, you would not be disappointed.

### ⭐⭐⭐⭐ Perfect for auditors, less useful for developers
*by T***M on March 9, 2009*

I was hoping that this book would give me a clear conception of how to secure a new web application against potential attackers. It did, up to a point. Unfortunately, the book spends most of its time with the flaws in yesterday's technologies (e.g. older versions of ASP) that I would never touch for a new app. Still, if you're developing a web application, this book is worth at least skimming through. And if you're in charge of patching up a legacy system, this should be your bible. [Update: Since I wrote this review, a second edition of this book has been released. I have yet to read it, but my guess is that the new edition is more relevant to non-legacy app developers.]

## Frequently Bought Together

- The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
- The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
- Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters

---

## Why Shop on Desertcart?

- 🛒 **Trusted by 1.3+ Million Shoppers** — Serving international shoppers since 2016
- 🌍 **Shop Globally** — Access 737+ million products across 21 categories
- 💰 **No Hidden Fees** — All customs, duties, and taxes included in the price
- 🔄 **15-Day Free Returns** — Hassle-free returns (30 days for PRO members)
- 🔒 **Secure Payments** — Trusted payment options with buyer protection
- ⭐ **TrustPilot Rated 4.5/5** — Based on 8,000+ happy customer reviews

**Shop now:** [https://www.desertcart.nz/products/76753790-the-web-application-hackers-handbook-discovering-and-exploiting-security-flaws](https://www.desertcart.nz/products/76753790-the-web-application-hackers-handbook-discovering-and-exploiting-security-flaws)

---

*Product available on Desertcart New Zealand*
*Store origin: NZ*
*Last updated: 2026-05-29*