The authors will periodically post Web Application security items of note on this page (older items are in the Archive).

10/15/10 - Third Edition published!
Hacking Exposed: Web Applications 3rd Edition is available!

02/27/08 - How Safe Are Your Private Pictures on the Net?
Co-author Joel Scambray interviewed on Fox News Los Angeles television about web site security at services like Flickr, TinyPic, and Photobucket, where supposedly private videos and pictures have become exposed on the Internet.

08/02/06 - Hacking Exposed Web Apps 2 Authors Make Splash at Black Hat '06
Co-authors Joel Scambray and Caleb Sima greeted attendees and signed books at the 10th Annual Black Hat conference during the Wednesday evening gala reception. Scambray and Sima were spotted later in the week at several Las Vegas night spots including Tao, Body English, Rain at the Palms, The Foundation Room, and a low-minimum blackjack table in the Imperial Palace Casino (where several hundred dollars were donated to a local charity for karaoke-singing card dealers -- heh).

07/26/06 - Trojan horse cloaks itself as Firefox extension
Security vendor McAfee Inc. discovered a malicious Firefox extension. The program appears as the "NumberedLinks 0.9" extension, which normally would allow a user to navigate links by numbers using the keyboard rather than a mouse. This finding highlights the vulnerability of Firefox and other browsers to installation of malicious extensions that appear to offer harmless functionality.

07/25/06 - CSI Computer Crime Survey released
The Computer Security Institute (CSI) and the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad released their 2006 Computer Crime and Security Survey of 616 U.S. companies. Virus attacks, unauthorized access to networks, lost/stolen laptops or mobile hardware, and theft of proprietary information or intellectual property account for more than 74% of reported financial losses. Where'z the web hacking?!?

07/24/06 - Hacking Exposed Web Apps 2 reviewed in ComputerWorld
Hacking Exposed Web Apps 2 is featured in this week’s Computerworld Security Bookshelf.

07/02/06 - Month of Browser Bugs (MoBB) announced
Security researcher H.D. Moore (author of the Metasploit Framework) started a Browser Fun Blog, kicking it off by disclosing a month of browser vulnerabilities. H.D. published at least one vulnerability per day during the month of July, almost entirely concerning Microsoft's Internet Explorer bugs. He subsequently published his ActiveX fuzzing tool used to find many of the vulnerabilities. It is unclear whether the numerous beers purchased for researchers like H.D. by Microsoft will prevent another month like July :)

06/05/06 - Hacking Exposed Web Apps 2 ships!
Hacking Exposed Web Apps 2 shipped on June 5, and should be available immediately from your favorite bookseller!

05/17/06 - A chapter excerpt from Hacking Exposed 5th Edition is featured on Fawcette Technical Publications Online (FTPOnline). The chapter is "Hacking Windows," and covers remote exploits, privilege escalation, rootkits, countermeasures, and much more.

05/10/06 - Online Fraud Risk Same As Offline
A new study from the Merchant Risk Council (MRC) shows that the fraud rates for online stores are now similar to the fraud rates suffered at brick-and-mortar stores.

03/27/06 - Web Hacking Incidents Database (WHID)
Check out the Web Hacking Incident Database (WHID) list of web application-related security incidents.

02/24/06 - Hacking Exposed Vegas!
Hacking Exposed Web Applications and co-authors Joel Scambray and Caleb Sima star in the "Oceans 11" of computer security: The Code Room Vegas. Check out this 28-minute video dramatizing 3 real-world hackers who take down a Vegas casino (or download your own copy).

01/24/06 - Audio interview with Hacking Exposed co-author Joel Scambray
In this audio interview on TechRepublic, Joel Scambray, co-author of Hacking Exposed, shares expert advice on combating common hacking techniques and tools.

01/24/06 - TechRepublic selects Hacking Exposed as IT Book of the Month
TechRepublic editors have chosen Hacking Exposed, Fifth Edition as the IT Book of the Month award winner for January 2006. Learn how to recognize and combat common hacking techniques. Download sample chapters covering Hacking Windows XP and Windows Server 2003 and Hacking Firewalls to learn more.


Copyright © 2003. All Rights Reserved.