XSS Hacking → Web app security books…
Cross Site Scripting Exploits and Defense

Subject: XSS attacks, tools and how to exploit them.
Comments: Sometimes it does not explain the code shown in the examples well enough, but the overall impression is very good.
Authors: RSnake, pdp, Anton Rager and Jeremiah Grossman.
Audience: Pentesters and web developers.
Rating: 9/10.
The Web Application Hacker’s Handbook

Subject: Explains how to hack web applications (available on Amazon).
Comment: Not too technical, very well written.
Authors: Dafydd Stuttard and Marcus Pinto.
Audience: Pen testers, web administrators, web developers, security analysts.
Rating: 10/10.
Ajax Security

Subject: Explains Ajax attacks and how to exploit them, but is sometimes too theoretical.
Authors: Billy Hoffman and Bryan Sullivan
Audience: Pentesters, Security Analysts, technical Project Managers and web developers.
Rating: 8/10.
The Shellcoder’s Handbook

Subject: Explains how to write exploits using low-level tools.
Description: Found some chapters hard to understand, but the overall impression was good.
Authors: Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan “noir” Eren, Neel Mehta and Riley Hassell.
Audience: Pure Geeks.
Rating: 7/10.
Web 2.0 Security – Defending AJAX, RIA, AND SOA
Subject: Explains how to test Ajax and discusses how to design secure Ajax-based apps.
Comment: Boring; won't tell you anything very useful unless you don't know much about security.
Authors: Shreeraj Shah.
Audience: Mostly Pentesters, Security Analysts and Web developers.
Rating: 6.5/10.
Pro Web 2.0 Application Development with GWT

Comment: Boring; won't tell you anything very useful unless you don't know much about security.
Authors: Jeff Dwyer.
Audience: Web developers.
Rating: 5/10.
The Database Hacker’s Handbook

Subject: Explains how to test database security.
Comment: Very technical.
Authors: David Litchfield, Chris Anley, John Heasman and Bill Grindlay.
Audience: Pentesters.
Rating: 8/10.
Security fuzzing

Subject: Explains how to fuzz.
Comment: Very technical.
Authors: Michael Sutton.
Audience: Pentesters.
Rating: 9/10.
Exploiting
Hacking: The Art of Exploitation, 2nd Edition

Subject: Explains how to hack, starting from a very low level.
Comment: Very technical.
Authors: Jon Erickson.
Audience: Pentesters.
Rating: 9/10.
The Definitive Guide of HTTP

Subject: Explains how HTTP works.
Comment: Not too technical, very well written.
Authors: David Gourley and Brian Totty.
Audience: Pen testers, web administrators, web developers.
Rating: 9/10.
Secrets of Reverse Engineering

Subject: Explains how to reverse engineer.
Comment: Not too technical, very well written.
Authors: Eldad Eilam.
Audience: Pen testers, web administrators, web developers.
Rating: 9/10.