EH-Net

Hi,

The got a no in the latest interview I had for a sec position because my web app security skills are not up to par.

So naturally I want to try and improve my chances so have decided to start doing some research on the subject and I have heard great things from the first WAHH (not read) but noticed a second edition was release in September/October time of this year.

Only reviews I have come across are on Amazon but was wandering if there was a EH-net review or what you guys think of the new book.

Regards,
TheXero

I've not read it but i have the first one which is pretty good. I didn't know a lot of things about web pentest but i have understood a lot with it.
It's better if you have some knowledge with HTTP/SQL/JAVA but the book covers the basic.

Moreover you can use the book with the lab MDSEC if you don't care about the price.

Hi,

I have it and I am reading it right now, in order to help me better understand the material for GWAPT exam.

I can say that it is the best, and it has the advantage that you can pair it with prcatical labs created by the authors. The downsize is that the labs are quite expensive (7$/ hour), but it's cheaper than pay 4000$ for the SANS course.

For the begginers I recommend Elearnsecurity course first, and then build in its foundation using the book.

@TheXero I know that your background is good so you can start directly with the book.

It's a fantastic book.

by the way do you use Burp suite or the professionnal version ?

I have both of them.

The commercial one will be better suited for the cases where you'll need the intruder. You will not need the scanner for the exercises, because you know what is the vulnerability.

This is exactly what I'm doing right now and it's working out well!  Being the beginner I am with limited web programming experience, I think WAHHv2 is a great book.  Talks about the different security mechanisms used in web apps and how they work, helps give you different perspectives when faces with different vulnerabilities, different ways to exploit the vulnerabilities, etc.  Right now I'm reading the sections of WAHH that match with what I'm learning with eLearnSecurity, but after the class/exam is up I'll be giving the book a more thorough read through.

yes i start reading it and its awsome

I am reading it now too on about chapter 11 as my web foo needs improving too.

I have read the old one and 2 days ago i got the 2nd which 920 pages.

This book is very good to get started - intermediate.

Good Luck

I have it too and it's worth reading!

A suggestion to all of you...what do you think about discussing the solutions about the lab exercise?

Let me know!

Hi Cotica,

Welcome to EthicalHacker.net. The solutions can actually be found below for edition 2:
Spoiler Alert (http://mdsec.net/wahh/answers2e.html).

If you were interested in labs where you can practice the material that is in the book itself, look into www.mdsec.net (http://mdsec.net). There's an active thread here (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,8305.msg45507/topicseen,1/) about it.

Those are the answers to the questions at the end of every chapter. I don't know if there are solutions for the labs.

I'm almost all the way through the book and I found it very insightful. I wish the labs were free!

Hi
Just go the few books recently including a book on XSS, The Basics of Hacking and Penetration testing, Web Application Hackers Handbook, not yet started as I'm reading currently reading The Basics of Hacking and Penetration testing. I will look into it soon....exciting (not enough hours to read in a day ???)
V

Amazingly I never saw this thread before now, anyway I'm sorry to hear about that, didn't you participate in the HaXx.Me's? You should've asked me for info  ;D

The Web Application Hackers Handbook 1 and 2 are definitely recommendable, to anyone. Even me, though sometimes, you have to think beyond, keep that in mind, always  ;)

Besides that.. I am possibly cooking something you can use hehe  ;D