Matthew Twells

Recommended Reading - The Web Application Hacker's Handbook, 2nd Ed. by D.Stuttard/M.Pinto

Recommended Reading is a series of quick posts highlighting the books, courses and software that are true force-multipliers when it comes to getting started, getting better or getting ahead.

The Web Application Hacker's Handbook, 2nd Edition by Dafydd Stuttard and Marcus Pinto is under the spotlight today - this is a real Bible for people wanting to get into penetration testing as a career, as web application testing will comprise a lot of your early work. Get it here.


What's In The Book?

The Web App Hacker's Handbook is a fantastic introduction for someone who has chosen not just cyber, but penetration testing specifically. It's a big one, weighing in at 914 pages. Not a portable book, for sure; potentially one for the Kindle!

This book is a monster (in a good way), covering almost every major entry point and potential weakness in a web application, as well as explaining how the underlying mechanisms actually work before showing you how to attack them.

Examples of topics covered include:

  • Application Mapping

  • Attacking Authentication

  • Session Management Attacks

  • Attacking Databases and Data Stores

  • Cross-site Scripting

  • Attacking the Underlying Server

  • Finding Source Code Vulnerabilities

There are over 20 chapters to work your way through, all with real in-depth explanations, example code, hack steps and the occasional diagram too (fancy, I know).

The book also adds two massively helpful sections at the end laying out a proper toolkit and a full testing methodology, a godsend to those unfamiliar with this dark art.

How Easy Is It to Read?

I won't bullshit you - this is not the easiest read. Seasoned testers happily admit they haven't finished this beast off, but you don't need to.

This is less a book to finish before you even start, and more one that you'll continue to refer to again and again for different things as you progress throughout your career.

You'll likely learn something a little different every time you open the book to a new page.

Does It Ever Get Past The Basics?

Jesus Christ, yes. If you've never seen any of this stuff before, this book already goes well beyond basic and into fairly advanced territory. This is one of those books that you'll come back and attack in multiple chunks, moving on once you've nailed the last concept.

This book is more than enough for someone starting out, but is less forgiving than something like Penetration Testing by Georgia Weidman for absolute beginners. It'll take some time, but it will pay massive dividends once you do.

How much does it cost?

As can be seen here, the book is currently just over £26 on Amazon, and that is a steal. This book will serve you at least a few years into your career, which for less than a trip to the cinema for two is obscenely cheap.

Overall Impression: Fantastic, if fairly gigantic, tome on web application hacking. Less forgiving for newcomers, but the ROI on your initial investment of time and money will make you a better tester, guaranteed. Provided you put the work in, of course.
