Real-World Bug Hunting (A Field Guide to Web Hacking)
List Price:
$49.99
- Availability: Confirm prior to ordering
- Branding: minimum 50 pieces (add’l costs below)
- Check Freight Rates (branded products only)
Branding Options (v), Availability & Lead Times
- 1-Color Imprint: $2.00 ea.
- Promo-Page Insert: $2.50 ea. (full-color printed, single-sided page)
- Belly-Band Wrap: $2.50 ea. (full-color printed)
- Set-Up Charge: $45 per decoration
- Availability: Product availability changes daily, so please confirm your quantity is available prior to placing an order.
- Branded Products: allow 10 business days from proof approval for production. Branding options may be limited or unavailable based on product design or cover artwork.
- Unbranded Products: allow 3-5 business days for shipping. All Unbranded items receive FREE ground shipping in the US. Inquire for international shipping.
- RETURNS/CANCELLATIONS: All orders, branded or unbranded, are NON-CANCELLABLE and NON-RETURNABLE once a purchase order has been received.
Product Details
Author:
Peter Yaworski
Format:
Paperback
Pages:
264
Publisher:
No Starch Press (July 9, 2019)
Language:
English
ISBN-13:
9781593278618
ISBN-10:
1593278616
Weight:
18.2oz
Case Pack:
30
File:
RandomHouse-PRH_Book_Company_PRH_PRT_Onix_delta_active_D20260408T022402_155767679-20260408.xml
Folder:
RandomHouse
List Price:
$49.99
As low as:
$38.49
Publisher Identifier:
P-RH
Discount Code:
A
QuickShip:
Yes
Audience:
General/trade
Country of Origin:
China
Pub Discount:
65
Imprint:
No Starch Press
Dimensions:
7" x 9.25" x 0.61"
Overview
Uses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications.
Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.
Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier.
Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.
Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier.
