The Web Application Hacker′s Handbook: Discovering and Exploiting Security Flaws Paperback – 19 Oct. 2007

I don't think there is another book that comes close to the Web Application Hackers Handbook at the moment. This book is well thought out and is both great to read from front to back on your first time through and then to use as a reference book later on.I have heard it referred to as the manual for Burp Suite Pro but as Burp Suite Pro should be in every web pen testers toolkit I don't think that is a bad thing. It does cover other tools too but the most important part is that it helps you understand what goes wrong with web apps and how to discover and exploit their flaws, this is much more important for web application security testing than knowing how to click 'go' on an automated scanner.I am looking forward to receiving the second edition and trying out the labs, it is not often in day-to-day pentesting that you get to practice all the techniques discussed in the book so the labs are a welcome edition.

I think it doesn't have a very good chapter about SQLi (teaching sqlmap for example), but it covers almost everything you will need to test on a webapp.It's somewhat focused in Burp Suite, a software made (I believe) by the authors of the book. But that shouldn't be a problem because it's the software you are probably going to use, as it is the less expensive and most stable software of the kind.

Very technical but very well explained hacking techniques for web pentesting. 100% Recommended as a reference book for any pentester.

Excellent book!!

This book is quite thick but it covers just about any aspect of web application security that one could possibly imagine. It provides a very readable content without diving into too much technical detail. Rather than focusing on a single technology, it covers various web frameworks and their specific vulnerabilities. Perhaps the most valuable part of the book is the final chapter in which an excellent methodology checklist is provided which allows one to verify security of a given web application step by step. After having finished this book I came to realize how valuable awareness of security issues is to the long term success of a give web application which must not only perform well but remain robust and stable to any and all security attacks.

If you have already purchased this book then you are in a very good way to find out truths and lies on Web Application penetration testing. This book touches almost all topics that regard Web Application security and attack vectors/methods (my only objection is the lack of Web Services security).Since there is no book that does-it-all, following the provided references is mandatory to successfully digest the entire information. Along with Andreu's, this is one of the books that will stay for long as an asset in your arsenal and operate as an day-to-day reference on Web Application pentesting.

The Web Application Hackers Handbook continues the tradition of the other books in the "Hackers Handbook" series in being specifically written for people who are serious about testing and protecting the security of their network and applications.As a full time Application tester most of the books I've read have been of little use, typically providing page filler examples of vulnerabilities and techniques that have been and gone or have offered little in the way of new information. This book however is bang up to date and teaches assessment techniques that will still be current for a long time to come.If you're hoping to pursue a career in security, need the best reference available, or are trying to get to grips with the threats posed to your web application, you should buy this book.At our organisation all of our technical staff have a copy and have all found it useful.

Perhaps not as much detail as I was looking for, but a good starting point for those with little experience in the area.