Average Reviews:
(More customer reviews)I'm still in the middle of the book, and I definitely will skim thru all the remaining pages (just because I paid for it), but I wouldn't recommend the book to anyone looking for serious and in-depth study on web security - the book just doesn't offer that. What it does is a list of possible attack vectors and sometimes offers "solutions" which can help to fight with the attacks. However, the attacks descriptions are shallow, solutions are very short and non-extensive and many of them go as far as telling a user to install NoScript extension for Firefox (huh? Web 2.0 doesn't work with no JavaScript).
There are also quadrillions of links to a security-related site (won't list it here) which offers a toolbar to checks your sites again the most common security problems. I don't have anything against links to useful tools of course, but THAT amount of links just makes this book look like an advertisement of the fore-mentioned site. Am not even talking about page space wasted to re-iterate "go to ...., install ...., click .... in order to test for ....." which usually take 0.5-1 pages. Users who read that sort of books can somehow figure out how to use a toolbar, I believe.
I'm not by any means a security expert, and this book did introduce me into the topic, but it didn't do anything beyond that. I still need to read some other book on the topic, and that book will probably contain the same info as the Hacking Web 2.0 Exposed (i.e. the very basic info on web expoits), so.. I actually just recommend to pass on this book at all, and look for something which covers the topic in greater depth.
Click Here to see more reviews about: Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Lock down next-generation Web services
"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook
Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.
Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
Circumvent XXE, directory traversal, and buffer overflow exploits
Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
Use input validators and XML classes to reinforce ASP and .NET security
Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks
0 comments:
Post a Comment