Web Security Testing Cookbook

Errata for Web Security Testing Cookbook

Submit your own errata for this product.


The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update



Version Location Description Submitted By Date Submitted Date Corrected
Printed
Page 23
Paragraph 6

Link to ViewState Decoder is http://www.pluralsight.com/tools.aspx This page does not exist. Better link is: http://www.pluralsight.com/community/media/p/51688.aspx

Anonymous  Nov 23, 2008 
Printed, Safari Books Online
Page 77
comment inside the for loop

The top of the ASCII printable range is 0x7F, not 0x1F

Note from the Author or Editor:
Line in example 5-2 should be changed to: # random char between "space" and 0x7F, which is the top of the Ironically, it's just a comment that's wrong. The code does the right thing.

Miguel Macias  Nov 07, 2010 
Printed, Safari Books Online
Page 90
2nd paragraph of Cross-site-scripting

The first IMG tag is not correct. To illustrate the XSS it could be: <IMG SRC='name.jpg' />

Note from the Author or Editor:
Correction is right. The /> is missing.

Miguel Macias  Nov 08, 2010 
Printed
Page 110
3rd paragraph

On a Mac, command: wget -r -R '*.gif,*.jpg,*.png,*.css,*.js' should be: wget http://www.nova.org -r -R '*.gif,*.jpg,*.png,*.css,*.js'

Note from the Author or Editor:
The suggested correction is exactly right.

Don Franke  Dec 27, 2008 
Printed
Page 113
2

There is no -g flag for Nikto 2.03 (running on the Mac.)

Note from the Author or Editor:
This is bizarre. That option does not seem to exist at all in any of the versions of nikto I have laying around. Not only do I put it in the example code, but I put it in the discussion, too. Before this could be reprinted, this recipe should be rewritten some.

Don Franke  Dec 27, 2008 
Printed, Safari Books Online
Page 142
Example 7.7

The value of the 'action' attribute is not closed. It would be better than the 'passwd' field was of type password. The 'submit' field has not a name, so the browser never sends it. The curl command equivalent would be: curl -o output.html -d "userid=root" -d "passwd=fluffy" \ http://www.example.com/servlet/login.do

Note from the Author or Editor:
This needs multiple corrections. The first line needs a double-quote on the end (after .do). The line the commenter is reporting needs to be: <p><input type="submit" name="Login" value="login"></p> The password line should be changed to: <p>Password: <input type="password" name="passwd"></p>

Miguel Macias  Nov 07, 2010 
Printed
Page 180
bottom paragraph

"users" should be "user's"

Note from the Author or Editor:
Yes. Should have an apostrophe.

Jeremy Schneider  Apr 01, 2009 
Printed
Page 192
last paragraph

In "(as discussed in)", there should be a reference to Recipe 5.6.

Note from the Author or Editor:
Correct. Should say "as discussed in Recipe 5.6".

Jeremy Schneider  Apr 01, 2009 
Printed
Page 220
last paragraph

In "Microsoft's also ....", there should be something after "Microsoft's".

Note from the Author or Editor:
Should say "Microsoft's Internet Explorer"

Jeremy Schneider  Apr 01, 2009 
Printed
Page 223
5th paragraph

"Bank of America Online" should probably be something like, "Bank of America's Online Banking".

Note from the Author or Editor:
The errata description is correct. According to BoA's website, the correct term is "Bank of America's Online Banking." See: http://www.bankofamerica.com/accessiblebanking/index.cfm?template=ab_home_office&statecheck=AZ#online

Jeremy Schneider  Apr 01, 2009