Updates
Latest Tweet
What's New?
Check out for latest innovation, a computer based training video collection
Like this Page
Web Applications (Hacking Exposed) Review by phil
The best web hacking book today
I just finished reading Hacking Exposed Web Apps and was coming back to Amazon to fwd the recommendation to a friend who is a CSO at a Fortune 500 firm when I stumbled upon the review from hermie. I have to say that I disagree completely with hermie's assessment, and felt compelled enough to say so in print! First of all, the book does cover a number of web platforms besides IIS -- it's the only one I've seen that talks about web services in any detail (SOAP, UDDI, XML, etc.), and it also devotes entire chapters to both web app management and web client hacking as well (very salient but often overlooked topics in other books). Main author Scambray may be a Windows security expert, but the non-Windows expertise is very visible in the appendix on libwhisker and the chapters on surveying the app, attacking session state, and input validation, etc. This also calls into question the criticisms by hermie of the specific detail versus the depiction of broad concepts -- if you are after ancient security concepts, then you plainly shouldn't be reading the Hacking Exposed series! That's the point of each book in the series -- use fresh, relevant technical details on how to hack to illustrate cutting-edge *concepts* in computer and Internet security. I think hermie really missed the boat here. Finally, the straw that broke the camels back for me was the comparison to "Web Hacking" by McClure. McClure is an executive now running his own start-up, and the knock that I've heard on this book is that it is really non-technical and out-of-date in sections. McClure brought in strong contributors to drive the details, but apparently couldn't glue the right pieces together to make this book competitive. I have a borrowed copy on my shelf, but frankly could not get past the first three or so chapters. Sigh -- I guess that's the breaks when anyone can post their thoughts here in the review section :)