
Anyone read the Web Application Hackers Handbook version 2?

<<

TheXero

Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Wed Nov 16, 2011 7:19 am

Anyone read the Web Application Hackers Handbook version 2?

Hi,

I got a no in the latest interview I had for a sec position because my web app security skills are not up to par.

So naturally I want to try and improve my chances, so I have decided to start doing some research on the subject. I have heard great things about the first WAHH (not read) but noticed a second edition was released in September/October time of this year.

The only reviews I have come across are on Amazon, but I was wondering if there was an EH-net review or what you guys think of the new book.

Regards,
TheXero
<<

n3r

Jr. Member

Posts: 95

Joined: Wed Sep 28, 2011 1:06 am

Location: paris

Post Wed Nov 16, 2011 7:55 am

Re: Anyone read the Web Application Hackers Handbook version 2?

I've not read it, but I have the first one, which is pretty good. I didn't know a lot of things about web pentest, but I have understood a lot with it.
It's better if you have some knowledge of HTTP/SQL/JAVA, but the book covers the basics.

Moreover, you can use the book with the lab MDSEC if you don't care about the price.
<<

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Nov 16, 2011 9:20 am

Re: Anyone read the Web Application Hackers Handbook version 2?

Hi,

I have it and I am reading it right now, in order to help me better understand the material for GWAPT exam.

I can say that it is the best, and it has the advantage that you can pair it with practical labs created by the authors. The downside is that the labs are quite expensive (7$/hour), but it's cheaper than paying 4000$ for the SANS course.

For beginners I recommend the Elearnsecurity course first, and then build on its foundation using the book.

@TheXero I know that your background is good so you can start directly with the book.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Nov 16, 2011 9:29 am

Re: Anyone read the Web Application Hackers Handbook version 2?

It's a fantastic book.
<<

n3r

Jr. Member

Posts: 95

Joined: Wed Sep 28, 2011 1:06 am

Location: paris

Post Wed Nov 16, 2011 9:58 am

Re: Anyone read the Web Application Hackers Handbook version 2?

By the way, do you use Burp Suite or the professional version?
<<

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Nov 16, 2011 10:43 am

Re: Anyone read the Web Application Hackers Handbook version 2?

I have both of them.

The commercial one will be better suited for the cases where you'll need the Intruder. You will not need the scanner for the exercises, because you know what the vulnerability is.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Nov 16, 2011 11:54 am

Re: Anyone read the Web Application Hackers Handbook version 2?

alucian wrote: For beginners I recommend the Elearnsecurity course first, and then build on its foundation using the book.

This is exactly what I'm doing right now and it's working out well! Being the beginner I am with limited web programming experience, I think WAHHv2 is a great book. It talks about the different security mechanisms used in web apps and how they work, helps give you different perspectives when faced with different vulnerabilities, different ways to exploit the vulnerabilities, etc. Right now I'm reading the sections of WAHH that match with what I'm learning with eLearnSecurity, but after the class/exam is up I'll be giving the book a more thorough read through.
GSEC, eCPPT, Sec+
<<

midnight monster

Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Thu Nov 17, 2011 12:02 am

Re: Anyone read the Web Application Hackers Handbook version 2?

Yes, I started reading it and it's awesome.
MCITP - Network +
<<

millwalll

Post Thu Nov 17, 2011 4:40 am

Re: Anyone read the Web Application Hackers Handbook version 2?

I am reading it now too, on about chapter 11, as my web foo needs improving too.
<<

easy

Newbie

Posts: 15

Joined: Mon Nov 21, 2011 7:51 am

Post Mon Nov 21, 2011 7:59 am

Re: Anyone read the Web Application Hackers Handbook version 2?

TheXero wrote: Hi,

I got a no in the latest interview I had for a sec position because my web app security skills are not up to par.

So naturally I want to try and improve my chances, so I have decided to start doing some research on the subject. I have heard great things about the first WAHH (not read) but noticed a second edition was released in September/October time of this year.

The only reviews I have come across are on Amazon, but I was wondering if there was an EH-net review or what you guys think of the new book.

Regards,
TheXero

I have read the old one, and 2 days ago I got the 2nd, which is 920 pages.

This book is very good to get started - intermediate.

Good Luck
<<

Cotica

Newbie

Posts: 2

Joined: Sat Dec 17, 2011 10:34 am

Post Sat Dec 17, 2011 10:44 am

Re: Anyone read the Web Application Hackers Handbook version 2?

I have it too and it's worth reading!

A suggestion to all of you... what do you think about discussing the solutions to the lab exercises?

Let me know!
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sat Dec 17, 2011 2:31 pm

Re: Anyone read the Web Application Hackers Handbook version 2?

Hi Cotica,

Welcome to EthicalHacker.net. The solutions can actually be found below for edition 2:
Spoiler Alert.

If you were interested in labs where you can practice the material that is in the book itself, look into www.mdsec.net. There's an active thread here about it.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Mon Dec 19, 2011 10:18 am

Re: Anyone read the Web Application Hackers Handbook version 2?

xXxKrisxXx wrote: Hi Cotica,

Welcome to EthicalHacker.net. The solutions can actually be found below for edition 2:
Spoiler Alert.

Those are the answers to the questions at the end of every chapter. I don't know if there are solutions for the labs.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

eyenit0

Jr. Member

Posts: 52

Joined: Wed Sep 01, 2010 2:17 pm

Post Tue Jan 17, 2012 10:01 am

Re: Anyone read the Web Application Hackers Handbook version 2?

I'm almost all the way through the book and I found it very insightful. I wish the labs were free!
<<

vp75

Jr. Member

Posts: 78

Joined: Tue May 01, 2007 6:46 am

Post Tue Jan 17, 2012 12:17 pm

Re: Anyone read the Web Application Hackers Handbook version 2?

Hi,
Just got a few books recently, including a book on XSS, The Basics of Hacking and Penetration Testing, and Web Application Hackers Handbook. Not yet started, as I'm currently reading The Basics of Hacking and Penetration Testing. I will look into it soon... exciting (not enough hours to read in a day ???)
V
eCPPT