Web Security Testing Cookbook
If your web site contains anything other than static web pages, then this book is a must-have guide to reducing the possibility of there being security holes in the code you are using. If you are working with Web 2.0, then this is an essential book for your collection.
Pros
- Step by step practical guide.
- Covers a number of different types of attack and how to test them.
- Shows you how to get free tools to test with.
- Shows you how to test the security of your web applications.
Cons
- Doesn't cover why, what, where, who, and when to test.
- Doesn't provide specific data for testing security.
Description
- First Edition: October 2008
- 285 page paperback
- Published by O'Reilly Media
- ISBN: 0-596-51483-2
- Systematic Techniques to Find Problems Fast
- Authors Paco Hope and Ben Walther
Review
This book has one very clear and practical focus: how to test web applications. It maintains that focus throughout, giving practical information at every step along the way. A number of different aspects of security testing are covered, including observation, data encoding, input tampering, bulk scanning, automation, design flaws, Ajax, manipulating sessions and multifaceted testing.
The early part of the book covers where to get free testing tools and how to install them, and the latter part of the book then shows you how to use those tools to perform all the different security tests. The book covers not only many of the obvious and not so obvious means by which the security of a web application can be compromised; it also shows you exactly how to test your code in an attempt to compromise the security.
Some of the suggested tools covered in this book can be very dangerous if used in the wrong way or by the wrong person, but the extremely clear step-by-step instructions on what to do and what not to do with the tools should allow the careful reader to use them safely to test the security of their web applications.



