


“A great addition to an arsenal to find, exploit and overcome Web security issues. Suitable for developers and analysts alike, it will unveil the myriad of techniques your adversaries may employ.” — Heather Adkins, Google Security

“Provides comprehensive coverage of Web application security issues. [The book is] full of real-life examples of Web application security problems, and is essential reading for aspiring Web security experts.” — Ivan Ristic, author of Apache Security and ModSecurity, an open source Web application firewall

“Written by well-known and respected industry experts who’ve lived on the digital battlefield, Hacking Exposed Web Applications, Second Edition will show you how to investigate Web application internals from the outside and in, how to spot and exploit its weak points, and most importantly, the security countermeasures that really make a difference. After reading this book, you’ll never look at a Web site the same way again.”
— From the Foreword by Jeremiah Grossman, Founder and CTO of WhiteHat Security, Co-Founder of the Web Application Security Consortium (WASC)

“Reveals the magic behind the attacks that are so pervasive on the Web today. Knowing how the attacks work is a first step towards figuring out effective countermeasures. The authors’ style makes the information real and practical, while sharing their real-life experience.” — J.D. Meier, Microsoft Patterns & Practices Team, author of Building Secure ASP.NET Applications and Improving Web Application Security


First Edition Reviews

“Just as the original Hacking Exposed revealed the techniques the bad guys were hiding behind, Hacking Exposed Web Applications will do the same for this critical technology. Its methodical approach and appropriate detail will enlighten, educate, and go a long way toward making the Web a safer place in which to do business.”

— From the Foreword by Mark Curphey, Chair of the Open Web Application Security Project (www.owasp.org)

“This is a serious technical guide that is also great reading—scary enough to motivate folks to take Web security seriously but approachable enough to be an effective learning tool. Required reading for Web architects and operators.”

Erik Olson, Program Manager, Security, ASP.NET

“What better way to defend against hackers than to understand the tools and techniques that are used to penetrate your site? Hacking Exposed Web Applications offers a detailed look at common vulnerabilities within your applications and explains how to protect yourself from them.”

Mike Mullins, Ecommerce Security Engineer for a leading specialty apparel retailer

“At last, your personal guide to preventing the next generation of security threats. This book explains in intricate detail how you can do everything right when it comes to network security and still be owned at the Web application layer.”

Chip Andrews, www.sqlsecurity.com

“If you’re involved in writing Web-based applications using ASP/ASP.NET, Java, JSP, PHP, or other languages, the Hacking Exposed series is something you DEFINITELY need to read. Before writing one line of code, this book will spark ideas about how to design and secure your Web applications. There are techniques potential hackers could use that I’ve never even thought of! Great resource!”

Steve Schofield, Creator and Managing Editor, ASPFree.com

“The World Wide Web is continuously evolving and reinventing itself every few months; fortunately, the authors of this book have stayed on top of the evolution by presenting current tactics and fresh explanations to Web vulnerabilities, all in the infamous Hacking Exposed style that everyone has come to know and love.”

Rain Forest Puppy (RFP), Web security authority and discoverer of the IIS MSADC vulnerability

“Anyone who administers a web server or develops web applications should read this book to understand the pitfalls and how to avoid them.”

Book Review by Tony Bradley, CISSP, MCSE2k, MCSA, A+



Copyright © 2003. All Rights Reserved. Designed by HTMLfx