Real-world Bug Hunting

A Field Guide to Web Hacking

Peter Yaworski

$95

Paperback

Not in-store but you can order this
How long will it take?

Availability Information

We source books from suppliers in Australia and overseas. For books we don't currently have in stock, the time it takes to get them from our suppliers can vary widely - from a few days to a few months - so we check each book with each supplier to determine the expected time it will take to be supplied to us.

We then advise you accordingly. If the time taken to get any book is too long for you, you can let us know and we will cancel or adjust your order, and refund as required.

To find out the anticipated arrival time for specific items prior to ordering, please contact us by phone or email:

Phone +61 2 9264 3111, or 1800 4 BOOKS (1800 4 26657) if outside Sydney:
option 1 Abbey's Bookshop (Crime, History, Science, Kids & more) • info@abbeys.com.au
option 2 Language Book Centre (ESL & Foreign Languages) • language@abbeys.com.au
option 3 Galaxy Bookshop (Sci-fi, Fantasy, Romance, Graphic Novels) • sf@galaxybooks.com.au

QTY:

English

No Starch Press,US
09 July 2019

Computer programming & software development

Uses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications.

Real-World Web Hacking is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks.

As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.

Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier.

By: Peter Yaworski
Imprint: No Starch Press,US
Country of Publication: United States
Dimensions: Height: 234mm, Width: 177mm,
Weight: 523g
ISBN: 9781593278618
ISBN 10: 1593278616
Pages: 264
Publication Date: 09 July 2019
Audience: General/trade , ELT Advanced
Format: Paperback
Publisher's Status: Active

Peter Yaworski is a self-taught developer and ethical hacker who began building websites exclusively with Drupal. Since then, he has expanded his interest to Rails, Android app development, and software security, while producing over 100 video tutorials and interviews on YouTube covering ethical hacking, web development, and Android to help teach others what he's learned. Peter continues to be an active bug bounty participant with thanks from Shopify, HackerOne, Salesforce, Twitter, Starbucks and the US Department of Defense among others.

Reviews for Real-world Bug Hunting: A Field Guide to Web Hacking

"""I am quite sure that [this book is] going to be one of the most recommended books for web app pen-testing. If it is not already."" —Sudo Realm ""A brilliant resource for anyone who aspires to be a professional bug hunter."" —Dana Epp, Security Boulevard"