The Web Application Hacker's Handbook
I normally don't read tech books. In college, I'd purchase books from the university book store, but if I could avoid reading them, I did. I mostly needed them to do the class homework. Most of the time, teachers provided in-class materials on their website in powerpoint/slideshow format or a PDF.
So, why this book?
During my time at Kratos Secureinfo, the person who hired me recommended this book in particular. They said "if you are serious about this sort of gig, read this book".
So I did. And I re-read sections of it all the time.
It is a bit of an older book, but contains many useful sections and helps to wire your brain towards looking for vulnerabilities in general. If you want to learn how to think like a hacker, this is the book for you.
The authors worked on burp suite, which this book encourages the use of, and tbh, there aren't any good alternatives to burp that I can think of, to the point of me considering writing my own implementation. The situation is THAT dire!
Inside its cover, you'll find information about mapping attack surfaces, intelligence gathering, vulnerability discovery, exploitation, attacking javascript, mysql, php, perl, web servers, databases, WAFs (web application firewalls), native applications, source code, random tokens, cookies, and more!
Coming at this from a programmer background, there is a world to explore just with this book alone. Join me, won't you, on this journey to hackerdom.
Top comments (0)