"Author Mike Shema explains potential vulnerabilities and offers case studies based on actual attacks, looking at the topic from a forensic perspective to devise proper preventive measures. This is where the series will endear itself to Web application developers and to security professionals in particular.. This set of books assumes some basic familiarity with the Web. It should, however, appeal to all security professionals, from top-level executives and IT experts to the lowest rung of managers."--Security Management

"For the reader engaged in professional testing of this type the explanation of the issues and mitigation strategies will provide an ideal starting point for educating and advising clients.. For any reader looking for a sound basic introduction to web application security testing without wanting to spend too much this book can be recommended as an ideal place to start."--BCS British Computer Society

Introduction Chapter 1. Cross-Site Scripting (XSS) Chapter 2. Cross-Site Request Forgery (CSRF) Chapter 3. SQL Injection Chapter 4. Server Misconfiguration and Predictable Pages Chapter 5. Breaking Authentication Schemes Chapter 6. Logic Attacks Chapter 7. Web of Distrust

Mike Shema develops web application security solutions at Qualys, Inc. His current work is focused on an automated web assessment service. Mike previously worked as a security consultant and trainer for Foundstone where he conducted information security assessments across a range of industries and technologies. His security background ranges from network penetration testing, wireless security, code review, and web security. He is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit and the author of Hack Notes: Web Application Security. In addition to writing, Mike has presented at security conferences in the U.S., Europe, and Asia.