This book is a practical guide to discovering and exploiting security flaws in web applications. By "web application" we mean an application that is accessed by using a web browser to communicate with a web server. We examine a wide variety of different technologies, such as databases, file systems, and web services, but only in the context in which these are employed by web applications.
If you want to learn how to run port scans, attack firewalls, or break into servers in other ways, we suggest you look elsewhere. But if you want to know how to hack into a web application, steal sensitive data, and perform unauthorized actions, then this is the book for you. There is enough that is interesting and fun to say on that subject without straying into any other territory.
The focus of this book is highly practical. While we include sufficient background and theory for you to understand the vulnerabilities that web applications contain, our primary concern is with the tasks and techniques that you need to master in order to break into them. Throughout the book, we spell out the specific steps that you need to take to detect each type of vulnerability, and how to exploit it to perform unauthorized actions. We also include a wealth of real-world examples, derived from the authors' many years of experience, illustrating how different kinds of security flaw manifest themselves in today's web applications.
Security awareness is usually a two-edged sword. Just ...