What's Inside?


Learn techniques that can be used to find the technologies (servers, software, frameworks) behind a web application. Many of these techniques can be used to gather information on web applications you do not have direct access to.


Learn to develop and deploy a number of powerful exploits which are effective means of hacking many web applications on the internet today.


Tie together the rest of the book using the recently aquired history, recon and offense knowledge to build and deploy mitigations and defenses that protect your application against all of the aforementioned attacks. Additionally learn best practices and methodologies for writing more secure code that can be integrated into any application.

About the Author

Andrew Hoffman a is a Senior Security Engineer at Salesforce.com, where he is responsible for the security of multiple JavaScript, NodeJS, and OSS teams. His expertise is in deep DOM and JavaScript security vulnerabilities.

He has worked with every major browser vendor, as well as with TC39 and WHATWG - the organizations responsible for designing upcoming versions of JavaScript and the browser DOM.

Andrew has been contributing to the upcoming JavaScript language security feature "Realms," which will provide language level namespace isolation as a native JavaScript feature.

He is also researching the potential security implications of "stateless (safe / pure) modules" which could allow web portals to execute user-provided JavaScript with significantly reduced risk.

You learn more about Andrew via his blog or connect with him on LinkedIn.