The Hackers Codex: Modern Web Application Attacks Demystified

by Brandon Wieser

Modern day web applications are a complicated mix of client and server-side programming languages, frameworks, cloud infrastructure, proxies and caches. Additionally, web applications are protected and monitored by several defense in-depth tools including web application firewalls, intrusion detection and prevention systems, as well as newer solutions that use artificial intelligence and machine learning to block attacks. The learning curve to find and exploit impactful flaws in web applications has never been higher.In "The Hacker's Modern Web Application Attacks Demystified" you'll learn how to find and exploit real world web application security bugs by using examples found in real life applications. These same techniques are used by cyber gangs to generate millions of dollars every year. This book is not another OWASP top ten reprint and is not an introductory text. It's expected that the reader has read the "Web Application Hackers Handbook" and has a working knowledge of an intercepting proxy like BurpSuite.

188 pages, Kindle Edition

Published February 10, 2021

Reviews

[Ajam · Rating 4 out of 5]

4★
This surprised me, both how good it was and on what topics it chose to focus.
The best bits are when Wieser describes how the N/A-ed and Low-Impact Bugs are more dangerous than the RCE & popping a shell, as in the end, an attacker targets the customer, and it's much easier and practical to abuse low hanging vulns, and since companies don't care much about them and don't patch, attackers have virtually free ground to do whatever they want.