This book is a practical guide to discovering and exploiting security flaws in web applications. By “web application” we mean an application that is accessed by using a web browser to communicate with a web server. We examine a wide variety of different technologies, such as databases, file systems, and web services, but only in the context in which these are employed by web applications.

Chapter 1 Web Application (In)security
Chapter 2 Core Defense Mechanisms
Chapter 3 Web Application Technologies
Chapter 4 Mapping the Application
Chapter 5 Bypassing Client-Side Controls
Chapter 6 Attacking Authentication
Chapter 7 Attacking Session Management
Chapter 8 Attacking Access Controls
Chapter 9 Injecting Code
Chapter 10 Exploiting Path Traversal
Chapter 11 Attacking Application Logic
Chapter 12 Attacking Other Users
Chapter 13 Automating Bespoke Attacks
Chapter 14 Exploiting Information Disclosure
Chapter 15 Attacking Compiled Applications
Chapter 16 Attacking Application Architecture
Chapter 17 Attacking the Web Server
Chapter 18 Finding Vulnerabilities in Source Code
Chapter 19 A Web Application Hacker’s Toolkit
Chapter 20 A Web Application Hacker’s Methodology
