Description

Foreword

The World Wide Web is a huge and expanding mass of application code. The majority of
businesses, governments, and other organizations are now on the web, exposing their
systems and data to the world via custom application functionality. With today’s
development frameworks, it is easier than ever to create a functional web application
without knowing or doing anything about security. With today’s technologies, that
application is likely to be far more complex than those that have come before. Evolving
technologies bring with them more aĴack surface and new types of aĴack. Meanwhile,
old vulnerabilities live on and are reintroduced into new applications by each generation
of coders.
I n the recent past, numerous high-profile organizations have been compromised via
their web applications. Though their PR departments may claim they were victims of
highly sophisticated hackers, in reality the majority of these aĴacks have exploited
simple vulnerabilities that have been well understood for years. S maller companies that
don’t feel under the spotlight may actually be even more exposed. A nd many who are
compromised never know about it.
Clearly, the subject of web application security is more critical today than ever before.
There is a significant need for more people to understand web application aĴacks, both
on the offensive side (to test existing applications for flaws) and on the defensive side (to
develop more robust code in the first place). I f you’re completely new to web hacking,
this book will get you started. A ssuming no existing knowledge, it will teach you the
basic tools and techniques you need to find and exploit numerous vulnerabilities in
today’s applications. I f your job is to build or defend web applications, it will open your
eyes to the aĴacks that your own applications are probably still vulnerable to and teach
you how to prevent them from happening.
Dafydd Stuttard
Creator of Burp Suite
Coauthor of The Web Application Hacker’s H