Errata

Web Security Testing Cookbook

Errata for Web Security Testing Cookbook


The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.


Version Location Description Submitted By Date submitted Date corrected
Printed, Page 23, Paragraph 6

The link to the ViewState Decoder is http://www.pluralsight.com/tools.aspx. This page does not exist. A better link is:

http://www.pluralsight.com/community/media/p/51688.aspx

Submitted by Anonymous, Nov 23, 2008
Printed, Page 77, comment inside the for loop

The top of the ASCII printable range is 0x7F, not 0x1F

Note from the Author or Editor:
Line in example 5-2 should be changed to:
# random char between "space" and 0x7F, which is the top of the

Ironically, it's just a comment that's wrong. The code does the right thing.

Submitted by Miguel Macias, Nov 07, 2010
Printed, Page 90, 2nd paragraph of Cross-site-scripting

The first IMG tag is not correct. To illustrate the XSS, it could be: <IMG SRC='name.jpg' />

Note from the Author or Editor:
Correction is right. The /> is missing.

Submitted by Miguel Macias, Nov 08, 2010
Printed, Page 110, 3rd paragraph

On a Mac, the command:

wget -r -R '*.gif,*.jpg,*.png,*.css,*.js'

should be:

wget http://www.nova.org -r -R '*.gif,*.jpg,*.png,*.css,*.js'

Note from the Author or Editor:
The suggested correction is exactly right.

Submitted by Don Franke, Dec 27, 2008
Printed, Page 113, 2

There is no -g flag for Nikto 2.03 (running on the Mac).

Note from the Author or Editor:
This is bizarre. That option does not seem to exist at all in any of the versions of nikto I have lying around. Not only do I put it in the example code, but I put it in the discussion, too. Before this could be reprinted, this recipe should be rewritten some.

Submitted by Don Franke, Dec 27, 2008
Printed, Page 142, Example 7.7

The value of the 'action' attribute is not closed.

It would be better if the 'passwd' field were of type password.

The 'submit' field has no name, so the browser never sends it. The curl command equivalent would be:

curl -o output.html -d "userid=root" -d "passwd=fluffy" \
http://www.example.com/servlet/login.do

Note from the Author or Editor:
This needs multiple corrections. The first line needs a double-quote on the end (after .do). The line the commenter is reporting needs to be:
<p><input type="submit" name="Login" value="login"></p>

The password line should be changed to:
<p>Password: <input type="password" name="passwd"></p>

Submitted by Miguel Macias, Nov 07, 2010
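An added example (not the book's code) that makes the commenter's point executable: it parses a login form like Example 7-7 and emits the curl equivalent, dropping any control that has no name attribute, as a browser does. The two form texts and the URL are constructed stand-ins for the book's, and the small form parser is my own.

```python
from html.parser import HTMLParser
import shlex

# Two constructed forms modelled on Example 7-7 (URL and field names are
# placeholders): the original with an unnamed submit button, and the corrected one.
ORIGINAL_FORM = """<form method="post" action="http://www.example.com/servlet/login.do">
<p>User ID: <input type="text" name="userid"></p>
<p>Password: <input type="text" name="passwd"></p>
<p><input type="submit" value="login"></p>
</form>"""
CORRECTED_FORM = """<form method="post" action="http://www.example.com/servlet/login.do">
<p>User ID: <input type="text" name="userid"></p>
<p>Password: <input type="password" name="passwd"></p>
<p><input type="submit" name="Login" value="login"></p>
</form>"""

class FormParser(HTMLParser):
    """Collect the action URL and the input controls of the first form."""
    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = []  # (name, type, default value) in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action")
        elif tag == "input":
            self.fields.append((a.get("name"), a.get("type", "text"), a.get("value", "")))

def submitted_pairs(html, values):
    """Return (action, [(name, value), ...]) as a browser would submit them;
    a control with no name attribute is skipped because the browser never sends it."""
    parser = FormParser()
    parser.feed(html)
    pairs = [(name, values.get(name, default))
             for name, _type, default in parser.fields if name is not None]
    return parser.action, pairs

def curl_command(html, values, output="output.html"):
    """Build the curl command equivalent to submitting the form with these values."""
    action, pairs = submitted_pairs(html, values)
    args = ["curl", "-o", output]
    for name, value in pairs:
        args += ["-d", f"{name}={value}"]
    args.append(action)
    return " ".join(shlex.quote(arg) for arg in args)
```

Running `curl_command` over the original form reproduces the commenter's two-field curl line; over the corrected form it also carries `Login=login`, which is what the browser sends once the button has a name.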
Printed, Page 180, bottom paragraph

"users" should be "user's"

Note from the Author or Editor:
Yes. Should have an apostrophe.

Submitted by Jeremy Schneider, Apr 01, 2009
Printed, Page 192, last paragraph

In "(as discussed in)", there should be a reference to Recipe 5.6.

Note from the Author or Editor:
Correct. Should say "as discussed in Recipe 5.6".

Submitted by Jeremy Schneider, Apr 01, 2009
Printed, Page 220, last paragraph

In "Microsoft's also ....", there should be something after "Microsoft's".

Note from the Author or Editor:
Should say "Microsoft's Internet Explorer"

Submitted by Jeremy Schneider, Apr 01, 2009
Printed, Page 223, 5th paragraph

"Bank of America Online" should probably be something like "Bank of America's Online Banking".

Note from the Author or Editor:
The errata description is correct. According to BoA's website, the correct term is "Bank of America's Online Banking." See:
http://www.bankofamerica.com/accessiblebanking/index.cfm?template=ab_home_office&statecheck=AZ#online

Submitted by Jeremy Schneider, Apr 01, 2009