Review of “The Basics of Web Hacking Tools and Techniques to Attack the Web” by Josh Pauli; O’Reilly Media
Josh Pauli, in this book tries to touch of the basics of web hacking -concepts, tools, methodologies and all. The author does a great justice providing enough pointers to start with and then delve as much deeper as ones interest.
It identifies different layers at which hacking can be done for example network layer, application layer etc., provides insight about the tools (Burp, Zed Attack Proxy, Nmap, Nessus etc.) which can be used at each layer –both free as well as paid ones, discusses what are the ways an application vulnerability can be attacked, good analogies to understand the issues better and many hands on example to try out each one of them. In fact analogies makes life much easier to understand stuff!
If you are developer and have not thought about the security issues before –it will be an eye-opener! Oh no, can this be hacked? Tools to monitor HTTP traffic (Browser extension as well as PC tools), types of XSS attack, how user’s trust and server’s trust can be fooled –many more concepts have been nicely touched upon. For advanced knowledge, author have given out an impressive list of book at the end.
One drawback –or maybe not, it’s really subjective, is that most of context is for Linux –so users working primarily with windows will have to map all linux stuff to windows parallel.
For the users who already are well versed with the tools, methodology and type of attacks -this might be a refresher, but at end it does justice for its title, BASICs.
A must have for everyone who want to understand the basic, what really a PEN test mean, want to “break” and fix application before the penetration test team does it! Have fun hacking your own website 😉