The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition

4.7 out of 5 stars, 1,043 ratings

The highly successful security book returns with a new edition, completely updated. Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.
  • Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
  • Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
  • Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks
Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.

Product details

  • Publisher: Wiley; 2nd edition (September 27, 2011)
  • Language: English
  • Paperback: 912 pages
  • ISBN-10: 1118026470
  • ISBN-13: 978-1118026472
  • Item Weight: 2.9 pounds
  • Dimensions: 7.4 x 2 x 9.2 inches
  • Customer Reviews: 4.7 out of 5 stars, 1,043 ratings

About the author

Dafydd Stuttard

Customer reviews

  • Best Hacking Book on the Market (5 out of 5 stars)
    I see a lot of negative reviews here, but hold on, we are talking about hacking here, not making soda pop. I can understand the frustration from some of the readers, but come on, the first concept of hacking is recon, so guys, you should have done your homework more thoroughly. If you had done so, this would have led you to the Portswigger page explaining in depth the correct use and application of the Burpsuite tools using the OWASP broken web project. All examples can be done using manual or automated testing for those that don't own the PRO version; once you have seen the power of this tool YOU WILL buy the PRO version. The best book on the market by a mile; in fact this is the standard other authors should follow.

Top reviews from the United States

  • Reviewed in the United States on October 23, 2016
    This book offers tons of techniques and strategies for attacking and defending web applications. The beginning chapters discuss the major components of websites and their vulnerabilities.

    The middle of the book gets much more specific, showing "Hack Steps" for different components like the client side, sessions, databases, and authentication.

    Sections about custom code development show how you can develop your own solution to probe a web app. There were code examples in different languages such as JavaScript, C++, Java, and ASP.NET. The authors highlight many kinds of tools you can use to learn more about a website, including a product they developed themselves called Burp Suite.

    For readers interested in testing the techniques there is a website offered by the book, but it costs $7 an hour to play around on the site. This fee is for keeping the website running apparently, but I thought it would make more sense to have a monthly fee. I did not subscribe to this site myself though, because I was more interested in getting a broad overview of website security.

    The book is showing its 2011 publication date in some places. For example, IE and Firefox are said to be the dominant browsers while Chrome is a minor player. Additionally, Flash and Silverlight are spoken of as being components of many websites. One issue was I was not really sure where techniques might be outdated and others are still relevant.

    I would definitely be interested in a 3rd edition for this book. The authors presented a solid foundation for learning about website security.
  • Reviewed in the United States on October 14, 2011
    There's a running joke we have on our assessment team about the Web Application Hacker's Handbook. Every time we see a new technology, or have to deal with a one-off situation, we start doing research online only to find it was already referenced in WAHH somewhere. We've all read this book several times too; it's like Dafydd and Marcus sneak into our houses at night and add content...

    Joking aside though, there is no other reference for web hacking as thorough or complete as WAHH.

    With WAHH2 the authors added a significant amount of content and rehashed existing chapters that were already deeply technical. The bonus in WAHH2 is its associated labs. Dafydd and Marcus have been giving a live WAHH training for years and have now moved the stellar CTF-like challenges to the cloud. You can buy credits ($7 for 1hr) and move right along as you read the book (MDSec.net). When I say the labs are stellar, I mean it. The labs come almost straight from the class and start trivial and then get crazy. The injection labs were by far my favorite, housing 30-40 different injection types/variants each between XSS/SQLi. The CTF in the class (which I'll mention again is where the MDSec.com labs are based from) gets ridiculous toward the end. Even seasoned web testers fall around questions 14-16. But I digress...

    WAHH2 is now the de facto buy for any pentest/QA/Audit team. Its usage will surpass any other book on your bookshelf if you are doing practical testing.

    5 stars, I'd give it 10 if I could.
  • Reviewed in the United States on April 8, 2013
    Reading this book up to around page 600 made me seriously question how anyone could give it less than 5 stars. The amount of knowledge it gave me for a mere $25 is absolutely astounding. I was eagerly waiting to finish it so I could come review it.

    Then I finished it, and I understood some of the criticisms. It starts to feel like it's repeating itself after a while, and the product placement for Burp starts to become a bit more annoying.

    Still, the rest of the book is chock full of great, detailed information. If you're like me and had a basic understanding of how SQL injection worked, but wanted to get a deeper look, this book is perfect. If you chopped off the last 200 pages you would have a book that was STILL worth well over $25. It's hard for me to give it less than 5 stars when my major complaint is that it gives too much information.

    Bottom line: if you're a beginner or intermediate to web application security and you're wondering whether you should buy this, just do it. You won't be disappointed.
  • Reviewed in the United States on August 23, 2024
    All OK.
  • Reviewed in the United States on May 17, 2024
    It’s an excellent reference book however I was more than surprised that the word IDOR is not mentioned anywhere in the book. IDOR is one of the top most critical vulnerabilities in web hacking. I am not sure how it could be missed?
  • Reviewed in the United States on July 29, 2022
    This book remains the authority in web application hacking. There is no other book out there to date that is as exhaustive as this book and covers absolutely everything you need to know to defend and exploit.
  • Reviewed in the United States on November 30, 2018
    I can't even tell you how many times I find myself referencing this book. Despite what some have suggested you don't need to have Burp Suite or do any labs. It's so full of insightful knowledge that it can replace a whole reference library all by itself. It doesn't just show you "how-tos" but helps you THINK differently - better - methodical. One little example is how the authors present the idea of overcoming filtering deployed by a WAF or web server. "<script>" might get filtered but what would happen if you passed "<scr<script>ipt>"? Now run with it and get creative! Can't thank the authors enough for their contribution. This is right up there with Homer's Odyssey, Shakespeare's Romeo and Juliet and quite frankly, The Bible. Ok, maybe that's pushing it but you get the idea.
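The filter-evasion trick the November 30, 2018 reviewer quotes (`<scr<script>ipt>` surviving a filter that deletes `<script>`) is worth seeing in running code. What follows is an added example, not code from the book, its authors, or this page: a single-pass blocklist filter of the kind that trick defeats, a looped variant that survives the nesting but is still a blocklist, and output encoding, which is what a practitioner should rely on for an HTML text context. The function names, the crafted payload and the `containsScriptTag` check are all constructed here for illustration.

```javascript
'use strict';
// Added example, not code from the book or this page. The crafted input and
// the function names are constructed for illustration.

// Single-pass blocklist: deletes each literal "<script>" once.
// "<scr<script>ipt>" loses its inner "<script>" and the outer pieces
// re-form a working tag.
function naiveStripScript(input) {
  return input.replace(/<script>/gi, '');
}

// Looping the same removal until the string stops changing defeats the
// nesting trick, but it is still a blocklist: "<script >" (note the space)
// or an event-handler attribute on another tag passes straight through.
function recursiveStripScript(input) {
  let previous;
  let current = input;
  do {
    previous = current;
    current = current.replace(/<script>/gi, '');
  } while (current !== previous);
  return current;
}

// Output encoding: instead of guessing what is dangerous, make every
// markup-significant character inert before it reaches an HTML text node.
// A single regex with a lookup table encodes all characters in one pass,
// so "&" is never double-encoded.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};
function htmlEncode(input) {
  return input.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True if the string still carries an opening <script ...> tag, which is
// what a browser would need to execute the payload.
function containsScriptTag(s) {
  return /<script\b[^>]*>/i.test(s);
}

// Constructed payload: the nesting trick from the review plus a closing tag.
const CRAFTED = '<scr<script>ipt>alert(1)</script>';

// Run all three treatments over one payload and return the results.
function demo(payload = CRAFTED) {
  return {
    naive: naiveStripScript(payload),
    looped: recursiveStripScript(payload),
    encoded: htmlEncode(payload),
  };
}

const result = demo();
for (const [name, value] of Object.entries(result)) {
  console.log(`${name.padEnd(8)}: ${value}  -> script tag present: ${containsScriptTag(value)}`);
}
```

Running it shows the naive filter turning the payload into a clean `<script>alert(1)</script>`, the looped filter leaving `alert(1)</script>` (harmless here, but only because the regex happened to match), and the encoded output carrying no tag at all. The lesson is the one the reviewer draws: a removal-based filter invites the tester to ask "what if I feed it its own output?", whereas encoding at the output point leaves nothing for that question to exploit.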

Top reviews from other countries

  • Maria Ines Parnisari
    5.0 out of 5 stars Still relevant!
    Reviewed in Canada on July 6, 2023
    This book took me months to finish, but it's worth it. Some of the hacking tools mentioned don't exist anymore and you cannot test the vulnerabilities on the WAHH website because it doesn't exist. All the vulnerabilities mentioned are still relevant, except for a few related to Flash and Silverlight which I promptly skipped. The summary and questions at the end of each chapter are good to consolidate knowledge.

    Chapter 12 on cross site scripting is simultaneously the longest, most important, and most boring, in my opinion.

    It's funny that there is an entire chapter (9) devoted to SQL but only a paragraph about NoSQL which says "it's not popular enough so we won't discuss it". How times have changed!
  • Max Ribeiro
    5.0 out of 5 stars Awesome, the bible of web hacking!
    Reviewed in Brazil on March 10, 2023
    The product arrived with just a few small marks on the cover, but for an imported product it is pretty well preserved; the content is perfect. I will definitely pass this book on to my children and my children's children!
  • ALİ BAYKARA
    5.0 out of 5 stars Portswigger web academy
    Reviewed in Turkey on November 9, 2024
    I bought it to help with the Portswigger Web Academy labs; definitely worth buying.
  • Placeholder
    5.0 out of 5 stars Book is useful
    Reviewed in India on September 9, 2024
    I have only read 10 to 30 pages of this book, but the language and content that I found in it is high quality, and very important topics are covered inside this book; you can get a full road map and a lot of useful, important knowledge from this book's content.
  • Solange
    5.0 out of 5 stars Perfect condition
    Reviewed in Germany on July 21, 2023
    The product was in a very good condition and the delivery should be placed on 25 of July but I received it on 21 :D
    I'm very satisfied.
    I recommend it.