HN Books @HNBooksMonth

The best books of Hacker News.

Hacker News Comments on
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

Dafydd Stuttard, Marcus Pinto · 4 HN comments
HN Books has aggregated all Hacker News stories and comments that mention "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws" by Dafydd Stuttard, Marcus Pinto.
View on Amazon [↗]
HN Books may receive an affiliate commission when you make purchases on sites after clicking through links on this page.
Amazon Summary
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.
HN Books Rankings

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this book.
Nice recommendation tptacek. Also nice is the book by the author of the same software:
If you click over to my profile, there's an Amazon reading list I made up to answer the question "what should I read up on to get better at appsec". I think WAHH is #2 or #3 on it.

If you're a talented programming (we especially like talking to people who are good in C, but we're happy to meet anyone) and you're seriously interested in working from Chicago, NYC, or SFBA doing appsec, but don't feel like you have the background, drop me a line. My usual next step for people who I think would be ready to interview with us but for some web app knowledge is to shoot them a copy of that book. Infinite free books is a small perk here.

I have been keeping a list of books I used to augment my CS Masters Degree courses on various topics, here are the relevant ones I have found useful for the topics you have listed:

--Computer Organization--:

Computer Systems: A Programmer's Perspective

I liked this much better than Computer Organization and Design by Patterson and Hennessy which everyone has encountered at some point. The developer-centric view was very cool.

--Computer Security--:

Kernel Exploitation: Attacking the Core

Most 'hacking' books are goofy. This one is very good and doubles nicely as a hackers operating systems text.

Web Application Hackers Handbook

Very nice overview for web concerns.

--Operating Systems-:

Operating System Design and Implementation

I don't agree with Tanenbaum's views on micro vs. monolithic kernels but this book is a great mix of theory and implementation.

Linux Kernel Devleopment

I used this to get a feel for the monolithic implementations of topics covered by Tanenbaum.


TCP/IP Illustrated Series. More than you would ever want to know.

The Web Application Hacker's Handbook is most widely cited in a more general sense. I'm reading it myself at the moment -

Awesome book covers EVERYTHING with practical instructions + a comprehensive checklist.

HN Books is an independent project and is not operated by Y Combinator or
~ [email protected]
;laksdfhjdhksalkfj more things ~ Privacy Policy ~
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.