Hacknotes Web Security Portable Reference

One of my professors is a security professional and recommended this book for me. To be honest, it doesn't cover material from a beginners point of view and would be poor for anyone without a fair background in the material. However, as this is a reference book, I would rank this in the top few books in my library for security. Concise, diverse, and quick to pick up and review.

In last two months, I conducted a web application security course for professionals and I started to collect relevant course content. A pentest professional recommended me to read this book because it provides many useful tools and explanations of vulnerability exploits and defenses. Especially, there is a section about Secure Programming, even it is brief, it could cover security reminder various essential components including database, web server, OS, etc. within the web application infrastructure. In addition, it mentioned current three web application languages - Java, PHP and ASP. The content of reference center are very useful to developers, system/security admininstrator and auditor. Furthermore, the assessment checklist gives us a start to test the application. At least, this book provides a starting point to people to go further.

This is a great book that introduces the core concepts of web application security for both security professionals and software developers. More security books should be written in this spare the details and cut to the chase format. It's high-level enough for beginners yet contains meat that techies and security veterans can benefit from. This book should be on the bookshelf of anyone wanting to learn the essentials of web application security.

Just as the network security Hacknote (the first in the series), this one delivers what is promises. The book provides a nice well-written, fairly comprehensive review of web application security. It also manages to balance attacks and defenses, technology and methodology, tools and concepts, breadth and depth (as appropriate for the 180 page book). The book is very useful as a refresher or to move one step further in web security for a busy security professional who already knows the basics. The book obviously won't make you an expert (as likely no book will) and likely won't reveal any novel attacks to "hardened" web security types.I liked the book, since it came handy when I needed to look up some web security items. The information is available elsewhere, but it was present in this book in a well-packaged form. Hacknotes also contains a nice "reference center" with the summary of web hacking methodology as well as some tricks to try while doing the testing/attacking.Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org