Web Hacking: Attacks and Defense
Author: Stuart McClure, Saumil Shah, Shreeraj Shah
List Price: $49.99
ISBN: 0201761769
Publisher: Addison-Wesley Pub Co (08 August, 2002)
Edition: Paperback
Sales Rank: 28,936
Average Customer Rating: 4.56 out of 5
Customer Reviews

Rating: 4 out of 5
Good Overview Of Attacks & Defense

This is a pretty informative book on hacking. After reading this book you will have a good overview of many different attacks and defenses. It's a great book for beginners and an entertaining read.

Rating: 4 out of 5
Excellent book on web security

Web Hacking: Attacks and Defense is quite similar to 'Hacking Exposed Web Applications' by Joel Scambray & Mike Shema. Both Hacking Exposed Web Applications and Web Hacking: Attacks and Defense will clearly open one's eyes to the risks of web hacking. Forgetting for a minute the myriad vulnerabilities that affect many software products (including Windows, Apache, ColdFusion, and more), both books show how poorly written software and misconfigured web servers make the penetration of web servers child's play. Both books provide step-by-step instructions in an easy-to-read style for hardening web servers against attack.

For those that have read previous and are comfortable with books in the Hacking Exposed series, Hacking Exposed Web Applications uses the same easy-to-read and well-organized style. Web Hacking: Attacks and Defense has almost the same amount of content, but is written in a slightly more technical manner. Both books clearly explain how hackers gather information, acquire targets, gain control, and afterwards cover their tracks.

Anyone interested in ensuring their web servers are secured should definitely read these books. Both books have a lot of value even for those who are not so security conscious. For those with an interest in security, one's eyes will be open to the myriad places where vulnerabilities lie, from software, to scripts, mark-up files, and more. Anyone concerned with web server security should definitely read these books, or at least ensure their system administrators do.

Rating: 4 out of 5
Case-based approach brings web hacking to the masses

"Web Hacking: Attacks and Defenses" is a book that shows how, and in some cases why, web platforms are compromised. In addition to explaining common methods to victimize web systems, the authors provide a basic background on web technologies. Combined with integrated case studies, "Web Hacking" stands as a strong introduction to the art and science of attacking web platforms.

"Web Hacking" offered several appealing aspects, and several disappointing drawbacks. On the positive side, I found the numerous tables very helpful. These included lists of ISAPI filters, MS SQL stored procedures, form elements, and other web technology items. The authors also share their methodology for assessing web platforms, simulating their checklists and evaluation matrices. The appendices were appreciated as well.

On the negative side, "Web Hacking" suffers from subtle typos. This can be beyond the authors' control, but annoying nevertheless. For example, 0x11111111 is 255 decimal, not 256 as shown on page 371. More troubling was the authors' repeated criticisms of network based intrusion detection systems. While NIDS are not perfect, they do serve purposes the authors don't seem to appreciate. Encryption may prevent NIDS from collecting the content of a session, but what if we only care to collect transactional data summarizing that session? Incidentally, Barnaby Jack's work on the buffer overflow section (chapter 14) was worth reading.

Overall, "Web Hacking" belongs on your bookshelf, although many may find "Hacking Exposed: Web Applications" to be more comprehensive.

Similar Products
· Anti-Hacker Tool Kit
· Hacking Exposed Windows 2000
· Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses
· Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition
· Hacking Exposed (TM) Web Applications