Hacking Web Apps by Mike Shema; O'Reilly Media

Hacking Web Apps

This book takes you on a rollercoaster ride, bringing you well out of your comfort zone when thinking about your security and privacy on the web. Mike manages to show you some easily exploitable quirks that may exist in most likely any web application. Quirks that you need to know exist if you are a web developer.

Having developed various websites over the years, I knew of many of the entry points that could be used for hacking a website. Still, I was educated when I read through this book. Something as simple as sending a null character to a website can sometimes wreak havoc if not managed properly. Using unexpected encodings can also cause problems. I was not surprised by this, but had never thought it through earlier. It definitely made me reconsider my coding practices.

The chapter about wrecking the logical flow of a website was also very interesting, as it requires the developer of a site to be very certain about how state is managed. I think many sites might not handle this properly, so it is definitely worth a read. Next time I’m testing a website, this is something I will focus on much more, as Mike manages to make it seem so easy to hack a website using no extraordinary tools but a browser.

Mike also introduces the concept of hacking a barcode scanner by creating various barcodes, which may produce SQL injections in the application managing the scanning. He also brings up QR-tags, which can likewise be misused. This is also an area that should be considered properly when developing any app using real-world integration.

All in all, this is a book I can highly recommend. If you haven’t read it already, then what are you waiting for… It doesn’t matter if you are a developer or just a security- and privacy-concerned web user, this book should matter to you.

Disclaimer: I received a free electronic copy of this book as part of the O'Reilly Blogger Program.


Buy this book at O’Reilly using the link below and support my blog:

Hacking Web Apps