How to Break Web Software: Functional and Security Testing of Web Applications and Web Services 1st Edition, Kindle Edition

4.3 out of 5 stars 22 ratings
ISBN-13: 978-0321369444
ISBN-10: 0321369440
Digital List Price: $43.99

Editorial Reviews

Excerpt. © Reprinted by permission. All rights reserved.


Numerous times we've been asked when the next book in the How to Break... series will come out and what it's going to be about. The overwhelming request from our readers has been on the subject of Web applications. It seems many testers find they are working in this area and are facing the prospect of testing applications that employ the specialized protocols and languages that exist on the World Wide Web.

Although many of the tests from How to Break Software (Addison-Wesley, 2002) and How to Break Software Security (Addison-Wesley, 2003) are relevant in this environment, applications hosted on the Internet do suffer from some unique problems. This book tackles those problems in the same spirit as its predecessors, with a decided slant toward security issues in Web applications.

Before we go into what this book is all about, first let us tell you what it isn't all about. We are not trying to rewrite the Hacking Exposed books. Although there is an overlap of subject matter with the hacking literature, our intention is not to show how to exploit a Web server or Web application. Our focus is about how to test Web applications for common failures that can lead to such exploitation.

How to Break Web Software is a book written for software developers, testers, managers, and quality assurance professionals to help put the hackers out of business.

This focus necessarily means knowledge of hacker techniques is included in this book. After all, one needs to understand the techniques of their adversary in order to counter them. But, this book is about testing, not about exploitation. Our focus is to guide testers toward areas of the application that are prone to problems and methods of rooting them out.

This book isn't about creating a correct Web application architecture, nor is it about coding Web applications. There are other published opinions on this and each Web development platform has its own unique challenges that must be considered, which books like Innocent Code do so well. How to Break Web Software, however, does contain a lot of information about how not to architect and code a Web application. Thus, Web developers would be wise to consider it as part of their reference library on secure Web programming.

What this book is about is pointing the tester toward specific attacks to try on their application to test its defenses. We will be looking at classic examples of malicious input, ways of bypassing validation and authorization checks, as well as problems inherited from certain configurations/languages/architectures—all in a simple format that will show where to look for the problem, how to test for the problem, and advice on methods of mitigation. How to Break Web Software is intended as a one-stop shop for people to dip into to get information (and inspiration) to test web-based applications for common problems.

Happy Web testing!

Mike Andrews, Orange County, California

James A. Whittaker, Melbourne, Florida

From the Inside Flap

"The techniques in this book are not an option for testers–they are mandatory and these are the guys to tell you how to apply them!"
–Harry Robinson, Google.

Rigorously test and improve the security of all your Web software!


It’s as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you’re vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software.


In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes


·   Client vulnerabilities, including attacks on client-side validation

·   State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking

·   Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal

·   Language- and technology-based attacks: buffer overflows, canonicalization, and NULL string attacks

·   Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting

·   Cryptography, privacy, and attacks on Web services


Your Web software is mission-critical–it can’t be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.


Companion CD contains full source code for one testing tool you can modify and extend, free Web security testing tools, and complete code from a flawed Web site designed to give you hands-on practice in identifying security holes.

Customer reviews

4.0 out of 5 stars I assume the content is good; a bit let down by the design/printing
Reviewed in the United Kingdom on August 17, 2013