Web Application Hacker’s Handbook

I’m really late to the game, and should have acquired a copy of this book years ago.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

First of all, the people who wrote this book also wrote the amazing (but pricy and not-open) Burp Suite. A lot of material in the book is written in the context of how-to-use Burp, which is fine…anyone working in this field should get some time in with Burp. It is a pretty great tool.

The Web Application Hackers Handbook is a thicc book on various how-tos from mapping an application to the various attack techniques such as cross-site scripting (XSS), cross-site request forgery (CSRF), server-side request forgery (SSRF), attacking client-side versus server-side architecture, timing-based techniques (this was my favorite insight that the books provided me, and is one aspect I really don’t see covered too often in the field), etc.

I’m kind of dumping this text out there rapidly, but this book really is useful. The material might be dated, but the insights are more valuable than anything. It serves as both a historical document as well as a how-to guide for the up-and-coming security researcher.

Web App hacking is just aspect of the greater picture I am involved in, and did not grow up with any direction or knowledge in exploring this space, and as a result feel “left behind”. However, I hope to utilize what I have learned in conjunction with my programming capacity in order to facilitate automated attack techniques inspired in part by this book.

Just buy the fucking book already.