The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Web application security is a fun and thriving subject. We enjoyed writing this

book as much as we continue to enjoy hacking into web applications on a daily

basis. We hope that you will also take pleasure from learning about the differ-

ent techniques we describe and how these can be defended against.

Before going any further, we should mention an important caveat. In most

countries, attacking computer systems without the owner’s permission is

against the law. The majority of the techniques we describe are illegal if carried

out without consent.

The authors are professional penetration testers who routinely attack web

applications on behalf of clients, to help them improve their security. In recent

years, numerous security professionals and others have acquired criminal

records, and ended their careers, by experimenting on or actively attacking

computer systems without permission. We urge you to use the information

contained in this book only for lawful purposes.