$84.35
In stock
$$84.35 () Includes selected options. Includes initial monthly payment and selected options. Details
Price
Subtotal
$$84.35
Subtotal
Initial payment breakdown
Delivery cost, delivery date and order total (including tax) shown at checkout.
Ships from
Amazon AU
Ships from
Amazon AU
Sold by
Amazon AU
Sold by
Amazon AU
Returns
Eligible for change of mind returns within 30 days of receipt
Eligible for change of mind returns within 30 days of receipt
This item can be returned in its original condition within 30 days of receipt for change of mind. If this item is damaged or defective, you may be entitled to a remedy after 30 days. Visit Returning Faulty Items for more information.
Read our returns policies
Returns
Eligible for change of mind returns within 30 days of receipt
This item can be returned in its original condition within 30 days of receipt for change of mind. If this item is damaged or defective, you may be entitled to a remedy after 30 days. Visit Returning Faulty Items for more information.
Read our returns policies
Payment
Secure transaction
Your transaction is secure
We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more
Payment
Secure transaction
We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more
Kindle app logo image

Download the free Kindle app and start reading Kindle books instantly on your smartphone, tablet or computer—no Kindle device required.

Read instantly on your browser with Kindle for Web.

Using your mobile phone camera, scan the code below and download the Kindle app.

QR code to download the Kindle App

Follow the author

Rich Cannings
+ Follow
More books from this author
Something went wrong. Please try your request again later.

Hacking Exposed Web 2.0: Web 2.0 Security Secrets And Solutions Paperback – Illustrated, 17 December 2007

by Rich Cannings (Author)
4.0 4.0 out of 5 stars 4 ratings
Edition: 1st
See all formats and editions
{"desktop_buybox_group_1":[{"displayPrice":"$84.35","priceAmount":84.35,"currencySymbol":"$","integerValue":"84","decimalSeparator":".","fractionalValue":"35","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"%2FfSUTRlixF7i3YxRlvtclW9wu1rMfYfKNBb6i8DhR1RBMmIDgHUEZbM0fS%2BKD5NywJdiuU5mt5Gdpcb5J%2BBRzV2PpkoaFOMA6AqQtuZzKH67M1MAXD7pGBWJjVVWBGjJI9owC3h71pNifmZfpY4TSiAhWfy3CJeF","locale":"en-AU","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}]}

Purchase options and add-ons

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


Lock down next-generation Web services

"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook

Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.

  • Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
  • Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
  • Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
  • Circumvent XXE, directory traversal, and buffer overflow exploits
  • Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
  • Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
  • Use input validators and XML classes to reinforce ASP and .NET security
  • Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
  • Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
  • Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks


Read more Read less
Previous page
  1. ISBN-10
    0071494618
  2. ISBN-13
    978-0071494618
  3. Edition
    1st
  4. Publisher
    McGraw-Hill Osborne Media
  5. Publication date
    17 December 2007
  6. Part of series
    Hacking Exposed
  7. Language
    English
  8. Dimensions
    18.54 x 1.5 x 22.86 cm
  9. Print length
    288 pages
  10. See all details
Next page

Product description

About the Author

Himanshu Dwivedi is a co-founder of iSEC Partners (www.isecpartners.com), an information security firm specializing in application security. At iSEC, Himanshu manages the firms product development efforts and co-manages the sales and marketing programs. Himanshu is also a renowned industry author with six security books published, including Mobile Application Security (McGraw Hill/Osborne), Hacking VoIP (No Starch Press), Hacking Exposed: Web 2.0 (McGraw Hill/Osborne), Hackers Challenge 3 (McGraw Hill/Osborne), Securing Storage (Addison Wesley), and Implementing SSH (Wiley). In addition to the books, Himanshu also has a patent pending on Fibre Channel security. Before starting iSEC Partners, Himanshu was the Regional Technical Director at @stake, Inc.

Zane Lackey is a Security Consultant with iSEC Partners, an information security organization. Zane regularly performs application penetration testing and code reviews for iSEC. His research focus includes AJAX web applications and VoIP security. Zane has spoken at top security conferences including BlackHat 2006/2007 and Toorcon. Additionally, he is a co-author of Hacking Exposed: Web 2.0 (McGraw-Hill/November 2007) and contributing author of Hacking VoIP (No Starch Press/October 2007). Prior to iSEC, Zane focused on Honeynet research at the University of California-Davis, Computer Security Research Lab, under noted security researcher Dr. Matt Bishop.

Product details

  • Publisher ‏ : ‎ McGraw-Hill Osborne Media; 1st edition (17 December 2007)
  • Language ‏ : ‎ English
  • Paperback ‏ : ‎ 288 pages
  • ISBN-10 ‏ : ‎ 0071494618
  • ISBN-13 ‏ : ‎ 978-0071494618
  • Dimensions ‏ : ‎ 18.54 x 1.5 x 22.86 cm
  • Customer Reviews:
    4.0 4.0 out of 5 stars 4 ratings

About the author

Follow authors to get new release updates, plus improved recommendations.
Rich Cannings

Rich Cannings

Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Discover more of the author’s books, see similar authors, read author blogs, and more

Customer reviews

4 out of 5 stars
4 out of 5
4 global ratings

Review this product

Share your thoughts with other customers
Write a customer review

Top reviews from Australia

There are 0 reviews and 0 ratings from Australia

Top reviews from other countries

Tom is Tom
4.0 out of 5 stars Good Info, some weak points
Reviewed in the United States on 18 February 2008
Verified Purchase
Hacking Exposed Web 2.0 is comparable to many of their series, Great information on getting started securing your box, but not without its drawbacks.

I dislike - the thin book, only about 220 useful pages (used to much fatter books). It also often jumps from quite difficult to quite easy often. The difficulty to setting up a test environment, this book would be quite easy for someone who developed all of these environments (from simple HTML and JavaScript to XML and SQL and more) to complete, but it is quite difficult to have these environments readily available to you for testing purposes.

The information is this book is extremely valuable, For a security enthusiast the information gives the reader a great starting point to build on. It has small, short projects (like the rest of the series) that can be completed in reasonable amount of time. It should be noted that this book (once again, like the rest of the series) does require a bit of a commitment, setting up the environment takes time, understanding the text, and doing the proper research will be what makes or breaks the experience for you and what you will gain from it. I would recommend it to anyone with a good understanding of web languages or a strong desire to learn about their security (or lack thereof).
One person found this helpful
 Report
Kornienko Mikhail
2.0 out of 5 stars Shallow and weak
Reviewed in the United States on 30 January 2008
Verified Purchase
I'm still in the middle of the book, and I definitely will skim thru all the remaining pages (just because I paid for it), but I wouldn't recommend the book to anyone looking for serious and in-depth study on web security - the book just doesn't offer that. What it does is a list of possible attack vectors and sometimes offers "solutions" which can help to fight with the attacks. However, the attacks descriptions are shallow, solutions are very short and non-extensive and many of them go as far as telling a user to install NoScript extension for Firefox (huh? Web 2.0 doesn't work with no JavaScript).

There are also quadrillions of links to a security-related site (won't list it here) which offers a toolbar to checks your sites again the most common security problems. I don't have anything against links to useful tools of course, but THAT amount of links just makes this book look like an advertisement of the fore-mentioned site. Am not even talking about page space wasted to re-iterate "go to ...., install ...., click .... in order to test for ....." which usually take 0.5-1 pages. Users who read that sort of books can somehow figure out how to use a toolbar, I believe.

I'm not by any means a security expert, and this book did introduce me into the topic, but it didn't do anything beyond that. I still need to read some other book on the topic, and that book will probably contain the same info as the Hacking Web 2.0 Exposed (i.e. the very basic info on web expoits), so.. I actually just recommend to pass on this book at all, and look for something which covers the topic in greater depth.
11 people found this helpful
 Report
Suzan K. Hawbaker
4.0 out of 5 stars Four Stars
Reviewed in the United States on 19 April 2016
Verified Purchase
good reference
Report