AnyBook4Less.com
Developed by Fintix

Web Applications (Hacking Exposed)

Title: Web Applications (Hacking Exposed)
by Joel Scambray, Mike Shema
ISBN: 0-07-222438-X
Publisher: McGraw-Hill Osborne Media
Pub. Date: 19 June, 2002
Format: Paperback
Volumes: 1
List Price(USD): $49.99

Average Customer Rating: 4.62 (8 reviews)

Customer Reviews

Rating: 5
Summary: The best web hacking book today
Comment: I just finished reading Hacking Exposed Web Apps and was coming back to Amazon to forward the recommendation to a friend who is a CSO at a Fortune 500 firm when I stumbled upon the review from hermie. I have to say that I disagree completely with hermie's assessment, and felt compelled enough to say so in print! First of all, the book does cover a number of web platforms besides IIS -- it's the only one I've seen that talks about web services in any detail (SOAP, UDDI, XML, etc.), and it also devotes entire chapters to both web app management and web client hacking as well (very salient but often overlooked topics in other books). Main author Scambray may be a Windows security expert, but the non-Windows expertise is very visible in the appendix on libwhisker and the chapters on surveying the app, attacking session state, and input validation, etc. This also calls into question the criticisms by hermie of the specific detail versus the depiction of broad concepts -- if you are after ancient security concepts, then you plainly shouldn't be reading the Hacking Exposed series! That's the point of each book in the series -- use fresh, relevant technical details on how to hack to illustrate cutting-edge *concepts* in computer and Internet security. I think hermie really missed the boat here. Finally, the straw that broke the camel's back for me was the comparison to "Web Hacking" by McClure. McClure is an executive now running his own start-up, and the knock that I've heard on this book is that it is really non-technical and out-of-date in sections. McClure brought in strong contributors to drive the details, but apparently couldn't glue the right pieces together to make this book competitive. I have a borrowed copy on my shelf, but frankly could not get past the first three or so chapters. Sigh -- I guess that's the breaks when anyone can post their thoughts here in the review section :)

Rating: 3
Summary: A decent introduction, but incomplete
Comment: I must admit, I was disappointed with Hacking Exposed Web Applications (HE:WA, as another reviewer called it). Overall, I thought it was basically mediocre.

My main fault with the book was that it was incomplete; equal and fair coverage was not given where it should be. For example, Chapter 9 "Attacking Web Datastores" should have been called "Attacking Microsoft SQL Server." While some of the general techniques (i.e. SQL injection attacks) in Chapter 9 could have been applied to any SQL RDBMS, much of it was very specific to a Windows/IIS/ASP/MSSQL setup. This doesn't help me much to write my bread-and-butter Unix/Apache/Perl/PostgreSQL or even Java/Oracle apps any better.

It seems like the authors wrote their book to be "Hacking IIS Web Applications Exposed" and at the last minute decided to throw in some Apache and Unix here and there, with a sprinkling of Cold Fusion and Netscape Enterprise, to market the book more broadly. If they had just stuck within their expertise (Joel Scambray wrote for Microsoft TechNet's ironically-titled "Ask Us About... Security" column and wrote "Hacking Windows 2000 Exposed") and produced their original book, I think they'd have come up with a better product.

Another problem I have with HE:WA (and the whole HE series) is that they spend too much time on specific attacks and not enough time on the broader security concepts. For example, how useful is the first HE book today? How useful will HE:WA be in three years? I still recommend "Computer Security Basics" to anybody beginning in the security arena, and that book was published over a dozen years ago. CSB remains in print today because it teaches sound pragmatic security concepts that remain relevant today.

I will say, however, that HE:WA does do a better job than some of the other HE books about reinforcing broad concepts (like Input Validation) across all platforms and languages. I still do not feel they teach pragmatic security for web app development though, and it's being pragmatic that will save you from tomorrow's attack. (You've got to distrust your OS, double-check whatever your webserver says, hate your database, and ALWAYS validate your input and you'll be immune to almost all vulnerabilities discussed in HE:WA.)

Despite all the problems I have mentioned, this remains an okay book for a novice web developer looking to learn security, especially those of the One-True-Microsoft-Way persuasion. If you're looking for an alternative, I'm halfway through "Web Hacking: Attacks and Defense" (co-authored by Hacking Exposed lead author Stuart McClure) on Safari. I like it better than HE:WA so far, and it seems to be fairly comparable on the target audience and topics covered (and it actually covers them!). I would give it a 4/5 or a 5/5 based on what I've read.

In conclusion, if you can only buy one book on Web Application security, don't get this one. Otherwise, it is at least worth a skim and a spot on the bookshelf.

Rating: 5
Summary: A must have for developers serious about security
Comment: If you write web applications and are serious about their security, you need this book. The book gets you inside the mind of a hacker and shows you why simply having the latest patches and security updates is not enough.

Similar Books:

Title: Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition (Hacking Exposed)
by Stuart McClure, Joel Scambray, George Kurtz
ISBN: 0072227427
Publisher: McGraw-Hill Osborne Media
Pub. Date: 25 February, 2003
List Price(USD): $49.99
Title: Web Hacking: Attacks and Defense
by Stuart McClure, Saumil Shah, Shreeraj Shah
ISBN: 0201761769
Publisher: Addison-Wesley Pub Co
Pub. Date: 08 August, 2002
List Price(USD): $49.99
Title: Windows 2000 (Hacking Exposed)
by Joel Scambray, Stuart McClure
ISBN: 0072192623
Publisher: McGraw-Hill Osborne Media
Pub. Date: 29 August, 2001
List Price(USD): $49.99
Title: Linux, Second Edition (Hacking Exposed)
by Brian Hatch, James Lee
ISBN: 0072225645
Publisher: McGraw-Hill Osborne Media
Pub. Date: 04 December, 2002
List Price(USD): $49.99
Title: Windows Server 2003 (Hacking Exposed)
by Joel Scambray, Stuart McClure
ISBN: 0072230614
Publisher: McGraw-Hill Osborne Media
Pub. Date: 27 October, 2003
List Price(USD): $49.99

Copyright © 2001-2021 AnyBook4Less.com