Please Sign Up to Request This Product

The Basics of Web Hacking

Tools and Techniques to Attack the Web

You need to be an approved reviewer to request a product. Please sign up to request access or login to your account.

If you've already signed up and you haven't heard from us yet please email and we will check on your request.


The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities.

The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.

With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.

  • Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user
  • Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more!
  • Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University


On Nov 28 Chandan Pandey wrote: Hack and fix before someone hacks and break! Read it
Do you wonder why there is client side validation as well as server side, do you think: "man i have provided all client side validations -how the hell a wrong parameter can end up at server end" or I have used best practice, how my app can not be breached! Get this book. This book provides a brilliant overview of most of the security aspects and how to address/attack those -its then left up to the individual users interest to delve deeper. Full Review  >

Rating: StarStarStarStarStar4.0

On Nov 23 Neil Jacobson wrote: Great Primer for Security Neophytes
Training wheels for those just learning about security with instructions as to how to work towards removing those wheels Full Review  >

Rating: StarStarStarStarStar4.0

On Sep 30 Ninajean Slone wrote: Are you concerned? Maybe you should be?
Are you a developer? Maybe you're just plain Jane or Joe? Either way, you really should be concerned with web security.This book is a real good start whether you've been coding for years, or never wrote a line of code in your life. Full Review  >

Rating: StarStarStarStarStar5.0

Receive free ebooks and videos in exchange for your reviews.

Join the O'Reilly Reader Review Program

Learn more >


Top Reviewers

Michal Konrad Owsiak, 94 Reviews

Santosh Shanbhag, 61 Reviews

Surachart Opun, 60 Reviews

Doron Katz, 57 Reviews

Shawn Day, 55 Reviews

See More Reviewers >

Featured Review

Hands-On Programming with R

Tushar Jain wrote:
A new way of learning R
“Hands on programming with R” very nicely introduces its reader to R. The approach adopted… Full Review >

Rating: StarStarStarStarStar4.0