The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

4.16  ·  Rating Details ·  532 Ratings  ·  27 Reviews
Hack the planet

Web applications are everywhere, and they're insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This innovative book shows you how they do it.

This is hands-on stuff. The authors, recognized experts in security testing...
ebook, 912 pages
Published August 31st 2011 by Wiley (first published October 1st 2007)

Community Reviews

عَبدُالكَرِيمْ
If you have a basic understanding of security and you want to be a web pen-tester / hacker, this is the book you want to read.

+ Technical, just the way I like books
+ Explains many methods you couldn't possibly imagine before
+ Step-by-step explanation
+ New ideas and exploitation methods

- Labs cost $7/hr ---> not much practice; however, you can find many free practice labs (e.g. pentesterlab.com)
- Focuses on Burp Proxy only -- there are many other tools
- A bit outdated! <- many of v...
Cameron
Jul 02, 2012 Cameron rated it it was amazing  ·  review of another edition
Pretty much the definitive guide to testing and defending web apps. Anyone looking to enter the field can't do much better than reading this book cover to cover.
Takedown
Jul 25, 2014 Takedown rated it it was amazing  ·  review of another edition
This is the best web security book period. Absolutely awesome, easy to read and filled with practical tips and tricks with no bullshit. Highly recommended.
Balhau
Feb 01, 2014 Balhau rated it really liked it  ·  review of another edition
Well, this was a really long journey. This book has a massive number of pages, about 900. It took me a month to read all the contents here, and the conclusion is: this is just the beginning. The techniques used to hack into web applications, and in a more general perspective computer systems, are many; furthermore, they can and should be combined to optimize the effectiveness of your attack. This book introduces you to the world of hacking from a web application perspective. You should be advised that...
OJ
Aug 22, 2013 OJ rated it really liked it  ·  review of another edition
Shelves: security
This is a necessary read for anyone looking to get a better idea of web application security, particularly those who haven't had a background in the security field at all. It's a long read, and not one that I think people can sit down to and push through quickly. I got through this while reading a few others at the same time.

It's fairly well edited with just a few simple mistakes. The exercises are interesting, though they feel a little laborious by the end.

I enjoyed reading it and would recomme...
David Oren
Oct 30, 2014 David Oren rated it really liked it  ·  review of another edition
Really good book, I learned a ton and it's great for creativity as well.

I remember waking up every day for ~2-3 weeks and reading this for 1 hour straight at 5:30-6am, just to finish the toughest thing first thing in the day, haha. Very hard to read; looking back, I have no idea how I did it :)

Ahmed Sultan
Nov 08, 2015 Ahmed Sultan rated it really liked it  ·  review of another edition
Shelves: tech
Finished the book a long time ago, but had to return to it again these days.
Well, I consider it the web app pentesting bible xD
Totally worth 5 stars, but I took off one because it depends a lot on the paid online labs, which can't be afforded for a long time.
Waiting for the 3rd edition.
Elene Latsoshvili
Aug 16, 2010 Elene Latsoshvili rated it it was amazing  ·  review of another edition
Shelves: programming
Loved the book. Maybe over-detailed in some parts, but it covers lots and lots of things, explained in a very good way :) A must-read for web application developers.
Mark
Jun 29, 2012 Mark rated it really liked it  ·  review of another edition
Still reading it, but helps to sharpen the swords and buff the armor ;)
Justin
Good too much advertising

Overall, there was a lot of information. I hated the constant use of Burp Suite for this and that. SHUT UP ABOUT BURP SUITE!!! Also, all over the book are links to highly expensive pay-by-the-hour labs that do not even include an answer key. These are used as examples, also. Another thing I disliked was the last couple of chapters. They barely fit within the book's title.
John Chilton
This book is a little long-winded and a bit dry, so based just on the writing of the book I would have given it two stars. However, the book shines in that it has an unconventional perspective and it stands by this perspective. It is written as a guide to attacking applications, not securing them. I thought that would be a gimmick and each chapter would be 1/5 how to hack and 4/5 how to defend, but no, quite the opposite is true. I am not sure it is the greatest approach to learning the material, bu...
Mcgyver5
Nov 02, 2015 Mcgyver5 rated it really liked it  ·  review of another edition
Every web developer should read this book.
Freddie Barr-Smith
Great and comprehensive book.
Kishor
Dec 13, 2015 Kishor rated it really liked it  ·  review of another edition
Very comprehensive, but redundant at times.
Enikő
Jul 08, 2014 Enikő rated it liked it  ·  review of another edition
Shelves: security
The content is good, though it is too lengthy and fuzzy. I would suggest starting with the last chapter to get an overall idea of what will be in the book. I gave it three stars because I think the book could be presented in a more easily digestible way. If you plan to read, you should read this book. Suggested.
Erin
Jul 08, 2008 Erin rated it liked it  ·  review of another edition
Useful for scoping, but omits finer details for obvious reasons. Almost all sections have examples that you will never see in the wild. Says "Hack The Planet" on the back, so it's embarrassing to carry around. Otherwise, a must-read... more for web app developers than auditors, though.
Alex
Oct 15, 2015 Alex rated it it was amazing  ·  review of another edition
850 pages of defined wisdom from the authors of Burp Suite. From plain simple to nifty tricks, all here, with the option of paid training on their own platform. As an alternative, OWASP's ISOs can be used for training. Very cool.
Seth
Aug 06, 2014 Seth rated it it was amazing  ·  review of another edition
Dafydd Stuttard (more commonly known as portswigger) is not only an expert in the field of web application penetration testing, but also excels at conveying highly technical concepts with eloquence.
Mai
It's very old now.
I recommend the second edition: http://www.goodreads.com/book/show/11...
Stuart
May 08, 2015 Stuart rated it it was amazing  ·  review of another edition
This one will stay front and center on my bookshelf. I'm strongly considering buying the print version. I read mine on safari bookshelf.
John George
May 22, 2012 John George rated it liked it  ·  review of another edition
Shelves: developer
Good reference book; exposes you to various parts of a web application.
Shyam
Aug 03, 2016 Shyam rated it really liked it  ·  review of another edition
Highly recommended book for beginners in infosec/pentesting.
Anna
Nov 16, 2015 Anna rated it liked it
Lots of good information but reads like a textbook.
Jimmy O...
I never got a chance to finish this book.
William
Jan 24, 2011 William rated it it was amazing  ·  review of another edition
Awesome book!
Ibrahim Magdy
Jan 01, 2013 Ibrahim Magdy rated it really liked it  ·  review of another edition
Old way of testing
Discussion topics: "The book title is wrong" (1 post, 6 views, last activity Sep 28, 2011 01:12AM)

Readers also enjoyed:
  • The Tangled Web: A Guide to Securing Modern Web Applications
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
  • Gray Hat Python: Python Programming for Hackers and Reverse Engineers
  • Gray Hat Hacking: The Ethical Hacker's Handbook
  • Metasploit: The Penetration Tester's Guide
  • The Shellcoder's Handbook: Discovering and Exploiting Security Holes
  • Reversing: Secrets of Reverse Engineering
  • Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
  • The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
  • The Practice of Network Security Monitoring: Understanding Incident Detection and Response
  • A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
  • Security Engineering: A Guide to Building Dependable Distributed Systems
  • Hacking: The Art of Exploitation
  • The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities
  • Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
  • Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
  • Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
  • Cryptography Engineering: Design Principles and Practical Applications