Available for preorder on Amazon.com!

Got Hacked?

Want to be able to defend your application from hackers?
Want to know the history of hacking and defenses against hackers?
Want to learn to hack other other web applications?
Want to make money on the side as a bug bounty hunter or pen tester?

The reader needs no security background - yet by the end of this book will have the fundamental skills required to begin hacking modern web applications, or defending their applications against modern hackers.

This book is structured such that each chapter carefully builds on top of the previous, eventually integrating recon, offense and defense techniques together into a full-stack security skillset.

Buy now for $49.99

* Early access eBook available on Safari

What's Inside?

Recon

Learn techniques that can be used to find the technologies (servers, software, frameworks) behind a web application. Many of these techniques can be used to gather information on web applications you do not have direct access to.

Offense

Learn to develop and deploy a number of powerful exploits which are effective means of hacking many web applications on the internet today.

Defense

Tie together the rest of the book using the recently aquired history, recon and offense knowledge to build and deploy mitigations and defenses that protect your application against all of the aforementioned attacks. Additionally learn best practices and methodologies for writing more secure code that can be integrated into any application.

About the Author

Andrew Hoffman a is a Senior Security Engineer at Salesforce.com, where he is responsible for the security of multiple JavaScript, NodeJS, and OSS teams. His expertise is in deep DOM and JavaScript security vulnerabilities.

He has worked with every major browser vendor, as well as with TC39 and WHATWG - the organizations responsible for designing upcoming versions of JavaScript and the browser DOM.

Andrew has been contributing to the upcoming JavaScript language security feature "Realms," which will provide language level namespace isolation as a native JavaScript feature.

He is also researching the potential security implications of "stateless (safe / pure) modules" which could allow web portals to execute user-provided JavaScript with significantly reduced risk.

You learn more about Andrew via his blog or connect with him on LinkedIn.

Editorial Team

Angela Rufino - Content Development Editor @ O'Reilly Media
Jennifer Pollock - Senior Content Acquisitions Editor @ O'Reilly Media
Sonia Saruba - Senior Technical Editor @ O'Reilly Media

Technical Review Team

August Detlefsen - Security Architect @ Salesforce.com
Tim Gallo - Security Architect @ FireEye
Chetan Karande - Security Director @ DTCC
Ryan Flood - Senior Security Engineer @ AirBnB
Allan Liska - Threat Intelligence Analyst @ Recorded Future