Web security is one of the hot topics we cover quite a lot on Help Net Security; it generates news constantly and catches the interest of an ever-growing number of Internet users. If you are completely new to web security but would like a primer on it, this is a book to check out.
About the author
Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the US Department of Homeland Security, the NSA, BlackHat Briefings, and Def Con.
Inside the book
Syngress recently released a number of publications targeting novice users. The majority of these books are under 200 pages and try to provide a very focused view of their topics. The Basics of Web Hacking was released this summer, and in it Dr. Josh Pauli gives an overview of the tools and techniques used for hacking the three pillars of web security: the server, the applications and the users.
The book is around 160 pages long and covers just the basics. Its target audience is tech-savvy people who likely work in IT and have minimal or no knowledge of web security concepts. The market for this type of publication is out there, especially in this day and age when everything migrates to the Internet.
The book contains both theory and practical information on the most common types of attacks that happen in a web environment. The author made the smart choice of using Damn Vulnerable Web Application (DVWA) as the software-based "test lab" where readers can actually try the things they have just read about. If you are not familiar with DVWA, it is a PHP/MySQL web application that is (on purpose) full of security issues and can be easily downloaded and installed.
From the written material you can see that the author is experienced in educating people on web software security. The book is full of little tidbits that could really help absolute beginners when, for instance, testing a specific security issue on DVWA or using one of the featured tools (from platforms such as BackTrack to apps like Burp Suite or Zed Attack Proxy).
I read the book on Kindle and, at least on that platform, part of the material could have been edited a bit better. Also, as far as I'm concerned, the book would lose nothing if some of the filler screenshots were cut out (such as those of BackTrack menus showing which program icon to click to open an application).
The title itself reflects that its aim is to discuss the basics of web hacking, and this really is a book for absolute beginners in the world of web security.
If you are familiar with the details, or even just the main concepts, that could be described by the term "web hacking", skip it; but if you are a novice, the book will definitely prove to be a great way to start picking up the basics. And, who knows, it could potentially get you involved in this very interesting and dynamic part of information security.