An O’Reilly book on web security testing is about to be released. I was a previewer for the book and have been reading chunks of the book these past months. The book is highly readable and packed with ideas. I learned a lot previewing the copy and chatting and emailing with Paco Hope and Ben Walther. See O’Reilly. Cheers to Ben and Paco.
Here’s a look at the table of contents –
Table of Contents
1. Introduction
2. Installing Free Tools
3. Basic Observation
4. Web-Oriented Data Encoding
5. Tampering with Input
6. Automated Bulk Scanning
7. Automating Tasks with cURL
8. Automating Tasks with LibWWWPerl
9. Seeking Design Flaws
10. Attacking AJAX
11. Manipulating Sessions
12. Multifaceted Tests
Here’s where you can find more: http://websecuritytesting.com/
Some of the free tools covered include: WebScarab, cURL, Cygwin and CAL9000. There are several others.
I was pretty tired when I posted last night and realize I was lean on details. Hopefully this gives a better feel for the book.