Web Security Testing Cookbook--New from O'Reilly

For Immediate Release
For more information, a review copy, cover art, or interview with the
author, contact:
Mary Rotman (707) 827-7119 or maryr@oreilly.com

Web Security Testing Cookbook--New from O'Reilly
Systematic Techniques to Find Problems Fast

Sebastopol, CA--Among the tests you perform on web applications, security
testing is perhaps the most important, yet it's often the most neglected.
The recipes in the "Web Security Testing Cookbook" (O'Reilly Media, $39.99
USD) demonstrate how developers and testers can check for the most common
web security issues, while conducting unit tests, regression tests, or
exploratory tests. Unlike ad hoc security assessments, these recipes are
repeatable, concise, and systematic-perfect for integrating into your
regular test suite.

The recipes in this new title cover the basics from observing messages
between clients and servers to multi-phase tests that script the login and
execution of web application features. By the end of the book, you'll be
able to build tests pinpointed at Ajax functions, as well as large
multi-step tests for the usual suspects: cross-site scripting and
injection attacks. 

This book will help you:

- Obtain, install, and configure useful--and free--security testing tools
- Understand how your application communicates with users, so you can
better simulate attacks in your tests
- Choose from many different methods that simulate common attacks such as
SQL injection, cross-site scripting, and manipulating hidden form fields
- Make your tests repeatable by using the scripts and examples in the
recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site
has been hacked. With "Web Security Testing Cookbook" and the free tools
used in the book's examples, you can incorporate security coverage into
your test suite, and sleep in peace.

Paco Hope is a technical manager at Cigital, Inc., co-author of O'Reilly's
"Mastering FreeBSD and OpenBSD Security" and a frequent speaker on
software security and quality assurance topics.

Ben Walther is a consultant at Cigital, Inc., and contributor to the Edit
Cookies add-on for Firefox. His main focus is quality assurance and
software security.

Advance Praise:
"Great real-life examples throughout make the theory come alive and make
the attacks compelling."
--Lee Copeland, Program Chair StarEast and StarWest Testing Conferences

"Finally, a plain-sense handbook for testers that teaches the mechanics of
security testing. Belying the usability of the 'recipe' approach, this
book actually arms the tester to find vulnerabilities that even some of
the best known security tools can't find."
--Matt Fisher, Founder and CEO Piscis LLC

For more information about the book, including table of contents, index,
author bio, and samples, see:
http://oreilly.com/catalog/9780596514839

Web Security Testing Cookbook
Paco Hope, Ben Walther
ISBN: 9780596514839, $39.99 USD
order@oreilly.com
1-800-998-9938
1-707-827-7000
http://www.oreilly.com
1005 Gravenstein Highway North
Sebastopol, CA 95472

About O'Reilly
O'Reilly Media spreads the knowledge of innovators through its books,
online services, magazines, and conferences. Since 1978, O'Reilly Media
has been a chronicler and catalyst of cutting-edge development, homing in
on the technology trends that really matter and spurring their adoption by
amplifying "faint signals" from the alpha geeks who are creating the
future. An active participant in the technology community, the company has
a long history of advocacy, meme-making, and evangelism.

# # #

O'Reilly is a registered trademark of O'Reilly Media, Inc. All other
trademarks are property of their respective owners.