Author: Andres Andreu
ISBN : 0471789666
There is no such thing as "perfect security" when it comes to keeping all systems intact and functioning properly. Good penetration (pen) testing creates a balance that allows a system to be secure while simultaneously being fully functional. With this book, you'll learn how to become an effective penetrator (i.e., a white hat or ethical hacker) in order to circumvent the security features of a Web application so that those features can be accurately evaluated and adequate security precautions can be put in place.
After a review of the basics of web applications, you'll be introduced to web application hacking concepts and techniques such as vulnerability analysis, attack simulation, results analysis, manuals, source code, and circuit diagrams. These web application hacking concepts and techniques will prove useful information for ultimately securing the resources that need your protection.
What you will learn from this book
* Surveillance techniques that an attacker uses when targeting a system for a strike
* Various types of issues that exist within the modern day web application space
* How to audit web services in order to assess areas of risk and exposure
* How to analyze your results and translate them into documentation that is useful for remediation
* Techniques for pen-testing trials to practice before a live project
Who this book is for
This book is for programmers, developers, and information security professionals who want to become familiar with web application security and how to audit it.
Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.
- Paperback: 522 pages
- Publisher: Wrox; 1 edition (July 5, 2006)
- Language: English
- ISBN-10: 0471789666
- ISBN-13: 978-0471789666
- Product Dimensions: 1.3 x 7.2 x 9.1 inches
- Shipping Weight: 1.6 pounds
Taking a top-level view of the subject of pen testing web applications, this book is a success. It does not focus on hack techniques only and certainly does not use case studies just to show off. The author provides an excellent balance of in-depth technical hacking information with the way the results from such activity get applied to the business of pen testing. Many other books simply show techniques or cover a case study and then move on; the author of this book, Andres Andreu, covers how to handle the results of such needle-in-the-haystack work in order to make strides towards web presence protection. He is clearly not trying to generate more script kiddies but to provide professionals the power to understand their security position in respect to web applications and take measures to protect themselves through this heightened awareness.
One of the strong points the author makes is certainly well taken: the typical security professional is not knowledgeable enough to properly protect the web applications of today; they are generally network specialists. Based on this notion, the book predominantly attacks the issue from a programmatic stance, aiming at filling the gaps where security is important. But he provides enough foundation and basics that, if you read carefully, you should not be at a loss when using this book. Also provided is enough data to build an effective personal lab and practice most of the areas covered throughout the book. This book really should be on the desk or shelf of every security professional that deals with web applications.
The book has a general pragmatic overtone and the author is obviously focused on real world work and results, keeping theory to a minimum.
I recently received copies of Hacking Exposed: Web Applications, 2nd Ed (HE:WA2E) by Joel Scambray, Mike Shema, and Caleb Sima, and Professional Pen Testing for Web Applications (PPTFWA) by Andres Andreu. I read HE:WA2E first, then PPTFWA. Both are excellent books, but I expect potential readers want to know which is best for them. I could honestly recommend readers buy either (or both) books. Most people should start by reading HE:WA2E, and then fill in gaps by reading PPTFWA.
Before proceeding I should note I used to work with the two ex-Foundstone authors of HE:WA2E, although I haven't been afraid in the past to review books honestly.
First, I must say PPTFWA was published in the right series. The motto "Programmer to Programmer," and the term "Professional" in the title, clearly apply to this book. Author Andres Andreu takes his work very seriously, sometimes at the expense of the non-programming network security crowd. You will feel welcome if you are a programmer/security person, but maybe not if you work with "edge devices" like firewalls, IDS, and so on. Given this stance, I found it ironic that PPTFWA's advice (on p 220) for dealing with such impediments is "[m]ake sure your client disables these." Despite the author's focus on application security, he still notes (on p 425) "edge-level protective steps are interesting because they can provide the same level of protection to multiple Web applications simultaneously... [t]his is important because many times you will be faced with a Web application that needs remediation, but the stakeholders will not allow anyone to touch it at the core." Exactly!
PPTFWA's strengths lie in the depth it covers certain subjects. For example, its discussions of Web Services are very strong, easily better than HE:WA2E.