Covering new technologies used to search for vulnerabilities on websites from a hacker’s point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security.

errors
I am sitting in my college library and have been reading this book for about 5 minutes and have already found a huge error. When the author talks about safe file opening proceddures in php when using client inputed paramaters for a filename he suggests adding an extension to the end of the string before opening such as .fgfdfg so when an attacker attempts a string such as:
../../../../../../../../etc/passwd
it will try to open the non existent file /etc/passwd.fgfdfg
but any hacker worth his weight would just enter the string with a null bytesuch as:
../../etc/passwd%00
thus clipping the extension from the end. cause opening /etc/passwd\0.bsbs will open passwd

I havent read much more of the book but this huge error makes me want to put it back on the shelf. Overall, good for begginers I guess.... but theres better books out there and I wouldnt trust this one.

Peace
HexaTex

Thin on the good stuff
While I found most of the information in this book to be valuable, and didn’t find any errors, the types of attacks discussed seemed very lopsided. The author talks in great length about DOS attacks on websites as well as SQL injection and command injection by exploiting input validation errors, but only covers PHP, ASP, and to some degree Perl. The XSS discussion was only 7 pages, and authentication was only 5 pages! This book is a great starting place, but if you’ve got any experience with web security you might want to look elsewhere. Additionally the book provides demonstrations using only commercial software that the author wrote. This alone made me extremely suspicious. There were no significant examples or discussion of other tools for testing web applications for vulnerabilities.