From Barnes & Noble
The Barnes & Noble Review
Putting software on the Web is like leaving a baby in a shark tank. Before you expose your mission-critical Web application to the piranhas, you’d better systematically test its security. Now, thankfully, there’s help.
Readers who swore by How to Break Software and How to Break Software Security begged the authors to take on web software next. They’ve done so -- superbly. From buffer overflows to fake encryption, you’ll learn where to look, how to test, and above all, how to mitigate the problems you find.
Such as: Malicious user-supplied input. Client attacks against input controls and validation. Server attacks, such as SQL injection with stored procedures. State-based attacks, from poisoned cookies to hijacked sessions. Even web services attacks targeting flaws in WSDL and XPATH.
Do you really want to go live without running these tests? We didn’t think so.
Bill Camarda, from the March 2006 Read Only