As with any major undertaking on par with the complexity of Hacking Exposed: Web Applications, there are inevitably errors and omissions that occur. This page is dedicated to tracking the serious errors that affect our readers' experience with the book. The following are corrections to the 1st printing of Hacking Exposed: Web Applications, 2nd Edition. If you do not see these errors, that may be because you have a subsequent printing where many of these corrections may have already been made. To determine which printing you have, consult the information on the first pages of the book (copyright, etc.). You should find a number that looks like this:

1234567890 CUS CUS 0198765432

If the first number is a 1, then it is the first printing. If the first number is a 2, it is the second printing, and so on.To submit errors, please email joel@webhackingexposed.com.

Each correction is listed by page number of the first printing on the far left.

8/17/07
Thanks to Chris Loftus for pointing out a typo on page 66: AJAX is Asynchronous JavaScript And XML, not Asynchronous Java And XML.

3/29/07
Thanks to Paco Hope of Cigital for suggesting modification of the Perl code for session ID anlaysis on pages 180-181. Paco's suggested improvement can be dowloaded from this site, and uses the Math::BigInt module to improve precision. Thanks, Paco!

2/23/07
The "NGSSoftware database tools" link found on our Tools page was incorrect and was changed to: http://www.ngssoftware.com/products/database-security/. Thanks to Duncan Gray at NGSS who pointed that out.

8/3/06
Thanks to Darren who pointed out an error on page 151, figure 4.8: the graphic being identified is G85OUL, the text displayed by PWNtcha is C85OUL so the caption underneath is wrong.

7/8/06
Tim Watson noted that our link for Hydra on page 155 was not working; it's now pointing again to The Hacker's Choice.