Hey All,
I've been on here a while and thought I would update you all about a new book on Web Application Security I bought quite recently.
Web Application Security - Exploitation and Countermeasures for Modern Web Applications - Andrew Hoffman, March 2020
I have been finding that a lot of Web Application Security books are now very VERY dated, and the newer ones such as A Bug Hunter's Diary are great, but lack additional depth and some required context for those who are not fully fledged full-stack web programmers...
Welcome 'Web Application Security' by Andrew Hoffman!
I am very excited about this book and think it may well become a future classic like WAHH. I am myself from a Systems and Network background before moving into Cyber Sec, and this is one of the first books that gives enough detail to tackle complex conceptual problems without having to already have a solid software engineering background.
If you can script a little in JavaScript (maybe you could even bridge the gap from another high-level language like Python), this book is a real gem.
The examples are fully up to date, all current technologies (additional emphasis on API / Mobile App SDK given that most applications are targeted 2/3 via API now), and interesting future exploit areas are mentioned such as 'WebAssembly', 'WebSockets' and more. There is a lot of focus on base technologies such as REST API basics with JSON (and SOAP XML history), leveraging OSS tools such as Chrome Dev Tools for enumeration, very handy when ZAP and Burp are not available.
This opening sets you up for tackling the two main sections - Offensive and Defensive.
Also, the author tries to give both client-side and server-side code examples in JS (Node) for consistency of context, keeping it simple.
An excellent resource for OSCP and OSWE too.
Happy hacking all