HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 23 guests and 1 member online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow Anyone read the Web Application Hackers Handbook version 2?
EH-Net
May 25, 2013, 10:22:22 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1] 2   Go Down
« previous next »
  Print  
Author Topic: Anyone read the Web Application Hackers Handbook version 2?  (Read 10122 times)
0 Members and 1 Guest are viewing this topic.
TheXero
Full Member
***
Offline Offline

Posts: 112


Try Harder!


View Profile WWW
« on: November 16, 2011, 06:19:55 AM »
Hi,

The got a no in the latest interview I had for a sec position because my web app security skills are not up to par.

So naturally I want to try and improve my chances so have decided to start doing some research on the subject and I have heard great things from the first WAHH (not read) but noticed a second edition was release in September/October time of this year.

Only reviews I have come across are on Amazon but was wandering if there was a EH-net review or what you guys think of the new book.

Regards,
TheXero
Logged
OSCP | OSWP
www.thexero.co.uk
n3r
Jr. Member
**
Offline Offline

Posts: 95



View Profile
« Reply #1 on: November 16, 2011, 06:55:16 AM »
I've not read it but i have the first one which is pretty good. I didn't know a lot of things about web pentest but i have understood a lot with it.
It's better if you have some knowledge with HTTP/SQL/JAVA but the book covers the basic.

Moreover you can use the book with the lab MDSEC if you don't care about the price.
Logged
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #2 on: November 16, 2011, 08:20:27 AM »
Hi,

I have it and I am reading it right now, in order to help me better understand the material for GWAPT exam.

I can say that it is the best, and it has the advantage that you can pair it with prcatical labs created by the authors. The downsize is that the labs are quite expensive (7$/ hour), but it's cheaper than pay 4000$ for the SANS course.

For the begginers I recommend Elearnsecurity course first, and then build in its foundation using the book.

@TheXero I know that your background is good so you can start directly with the book.
Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
cd1zz
Recruiters
Hero Member
*
Offline Offline

Posts: 561


View Profile WWW
« Reply #3 on: November 16, 2011, 08:29:53 AM »
It's a fantastic book.
Logged
OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com
n3r
Jr. Member
**
Offline Offline

Posts: 95



View Profile
« Reply #4 on: November 16, 2011, 08:58:11 AM »
by the way do you use Burp suite or the professionnal version ?
Logged
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #5 on: November 16, 2011, 09:43:38 AM »
I have both of them.

The commercial one will be better suited for the cases where you'll need the intruder. You will not need the scanner for the exercises, because you know what is the vulnerability.

Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
lorddicranius
Sr. Member
****
Offline Offline

Posts: 447



View Profile WWW
« Reply #6 on: November 16, 2011, 10:54:55 AM »
Quote from: alucian on November 16, 2011, 08:20:27 AM
For the begginers I recommend Elearnsecurity course first, and then build in its foundation using the book.

This is exactly what I'm doing right now and it's working out well!  Being the beginner I am with limited web programming experience, I think WAHHv2 is a great book.  Talks about the different security mechanisms used in web apps and how they work, helps give you different perspectives when faces with different vulnerabilities, different ways to exploit the vulnerabilities, etc.  Right now I'm reading the sections of WAHH that match with what I'm learning with eLearnSecurity, but after the class/exam is up I'll be giving the book a more thorough read through.
Logged
GSEC, eCPPT, Sec+
midnight monster
Newbie
*
Offline Offline

Posts: 38


im not a monster !


View Profile
« Reply #7 on: November 16, 2011, 11:02:45 PM »
yes i start reading it and its awsome
Logged
MCITP - Network +
millwalll
Guest
« Reply #8 on: November 17, 2011, 03:40:54 AM »
I am reading it now too on about chapter 11 as my web foo needs improving too.
Logged
easy
Newbie
*
Offline Offline

Posts: 15


View Profile WWW
« Reply #9 on: November 21, 2011, 06:59:53 AM »
Quote from: TheXero on November 16, 2011, 06:19:55 AM
Hi,

The got a no in the latest interview I had for a sec position because my web app security skills are not up to par.

So naturally I want to try and improve my chances so have decided to start doing some research on the subject and I have heard great things from the first WAHH (not read) but noticed a second edition was release in September/October time of this year.

Only reviews I have come across are on Amazon but was wandering if there was a EH-net review or what you guys think of the new book.

Regards,
TheXero

I have read the old one and 2 days ago i got the 2nd which 920 pages.

This book is very good to get started - intermediate.

Good Luck
Logged
Cotica
Newbie
*
Offline Offline

Posts: 2


View Profile
« Reply #10 on: December 17, 2011, 09:44:56 AM »
I have it too and it's worth reading!

A suggestion to all of you...what do you think about discussing the solutions about the lab exercise?

Let me know!
Logged
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #11 on: December 17, 2011, 01:31:13 PM »
Hi Cotica,

Welcome to EthicalHacker.net. The solutions can actually be found below for edition 2:
Spoiler Alert.

If you were interested in labs where you can practice the material that is in the book itself, look into www.mdsec.net. There's an active thread here about it.
Logged
eCPPT, GCIH, OSCP, OSWP
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #12 on: December 19, 2011, 09:18:58 AM »
Quote from: xXxKrisxXx on December 17, 2011, 01:31:13 PM
Hi Cotica,

Welcome to EthicalHacker.net. The solutions can actually be found below for edition 2:
Spoiler Alert.


Those are the answers to the questions at the end of every chapter. I don't know if there are solutions for the labs.
Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
eyenit0
Jr. Member
**
Offline Offline

Posts: 51


View Profile
« Reply #13 on: January 17, 2012, 09:01:57 AM »
I'm almost all the way through the book and I found it very insightful. I wish the labs were free!
Logged
vp75
Jr. Member
**
Offline Offline

Posts: 78


View Profile
« Reply #14 on: January 17, 2012, 11:17:54 AM »
Hi
Just go the few books recently including a book on XSS, The Basics of Hacking and Penetration testing, Web Application Hackers Handbook, not yet started as I'm reading currently reading The Basics of Hacking and Penetration testing. I will look into it soon....exciting (not enough hours to read in a day Huh)
V
Logged
eCPPT
Pages: [1] 2   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.079 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.