COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Hacking Web Apps - 1st Edition - ISBN: 9781597499514, 9781597499569

Hacking Web Apps

1st Edition

Detecting and Preventing Web Application Security Problems

Author: Mike Shema
Paperback ISBN: 9781597499514
eBook ISBN: 9781597499569
Imprint: Syngress
Published Date: 29th August 2012
Page Count: 296
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve.

Attacks featured in this book include:

• SQL Injection

• Cross Site Scripting

• Logic Attacks

• Server Misconfigurations

• Predictable Pages

• Web of Distrust

• Breaking Authentication Schemes

• HTML5 Security Breaches

• Attacks on Mobile Apps

Even if you don’t develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked—as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser – sometimes your last line of defense – more secure.

Key Features

  • More and more data, from finances to photos, is moving into web applications. How much can you trust that data to be accessible from a web browser anywhere and safe at the same time?
  • Some of the most damaging hacks to a web site can be executed with nothing more than a web browser and a little knowledge of HTML.
  • Learn about the most common threats and how to stop them, including HTML Injection, XSS, Cross Site Request Forgery, SQL Injection, Breaking Authentication Schemes, Logic Attacks, Web of Distrust, Browser Hacks and many more.


Information Security professionals of all levels, web application developers, recreational hackers.

Table of Contents

About the Author



Book Overview and Key Learning Points

Book Audience

How This Book is Organized

Where to Go From Here

Chapter 1. HTML5

The New Document Object Model (DOM)

Cross-Origin Resource Sharing (CORS)


Web Storage

Web Workers

Flotsam & Jetsam


Chapter 2. HTML Injection & Cross-Site Scripting (XSS)

Understanding HTML Injection

Employing Countermeasures


Chapter 3. Cross-Site Request Forgery (CSRF)

Understanding Cross-Site Request Forgery

Employing Countermeasures


Chapter 4. SQL Injection & Data Store Manipulation

Understanding SQL Injection

Hacking Tangents: Mathematical and Grammatical

Breaking SQL Statements

Vivisecting the Database

Employing Countermeasures


Chapter 5. Breaking Authentication Schemes

Understanding Authentication Attacks

Employing Countermeasures


Chapter 6. Abusing Design Deficiencies

Understanding Logic & Design Attacks

Employing Countermeasures


Chapter 7. Leveraging Platform Weaknesses

Understanding the Attacks

Employing Countermeasures


Chapter 8. Browser & Privacy Attacks

Understanding Malware and Browser Attacks

Employing Countermeasures




No. of pages:
© Syngress 2012
29th August 2012
Paperback ISBN:
eBook ISBN:

About the Author

Mike Shema

Mike Shema develops web application security solutions at Qualys, Inc. His current work is focused on an automated web assessment service. Mike previously worked as a security consultant and trainer for Foundstone where he conducted information security assessments across a range of industries and technologies. His security background ranges from network penetration testing, wireless security, code review, and web security. He is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit and the author of Hack Notes: Web Application Security. In addition to writing, Mike has presented at security conferences in the U.S., Europe, and Asia.

Affiliations and Expertise

Web Application Security Solutions, Qualys, Inc.


"Preventing and fixing vulnerabilities is what this book is really about…The truth is that it’s most appropriate for anyone tasked with securing an organisation’s website. However, all web developers should be made to read it, whether they consider themselves coders or designers."--Network Security Newsletter, July 2013

"This book is equally valuable to technical security practitioners and less-technical security leaders alike.  I recommend anyone looking to develop their own web applications or defend against modern web application exploitation take advantage of Mike Shema’s expertise on this topic."--Doug Steelman, Chief Information Security Officer, Dell SecureWorks

"Hacking Web Apps by Mike Shema introduces novice security practitioners to the most threatening exploits plaguing modern web applications.  The book covers more than the raw concepts, by bringing in other vulnerabilities and showing how the various exploits relate to one another; and it does so in human readable terms."--Robert Hansen, CEO of Falling Rock Networks and SecTheory Ltd.

Ratings and Reviews