The authors will periodically post Web Application security items of note
on this page (older items are in the Archive).
10/15/10 - Third Edition published!
Hacking Exposed: Web Applications 3rd Edition is available!
02/27/08 - How Safe Are Your Private Pictures on the Net?
Co-author Joel Scambray was interviewed on Fox News Los Angeles
television about web site security
at services like Flickr, TinyPic, and Photobucket, where supposedly private
videos and pictures have become exposed on the Internet.
08/02/06 - Hacking Exposed Web Apps 2 Authors Make Splash at Black
Co-authors Joel Scambray and Caleb Sima greeted attendees and signed books
at the 10th Annual Black Hat conference during the Wednesday evening gala
reception. Scambray and Sima were spotted later in the week at several
Las Vegas night spots including Tao, Body English, Rain at the Palms, The
Foundation Room, and a low-minimum blackjack table in the Imperial
Palace Casino (where several hundred dollars were donated to a local
charity for karaoke-singing card dealers -- heh).
07/26/06 - Trojan horse cloaks itself as Firefox extension
McAfee Inc. discovered a malicious Firefox extension. The program
appears as the "NumberedLinks 0.9" extension, which normally would
allow a user to navigate links by numbers using the keyboard rather than
a mouse. This finding highlights the vulnerability of Firefox and other
browsers to installation of malicious extensions that appear to offer
07/25/06 - CSI Computer Crime Survey released
The Computer Security Institute (CSI) and the San Francisco Federal Bureau
of Investigation's (FBI) Computer Intrusion Squad released its 2006
Computer Crime and Security Survey of 616 U.S. companies. Virus attacks,
unauthorized access to networks, lost/stolen laptops or mobile hardware
and theft of proprietary information or intellectual property account
for more than 74% of reported financial losses. Where'z the web hacking?!?
07/24/06 - Hacking Exposed Web Apps 2 reviewed in ComputerWorld
Hacking Exposed Web Apps 2 is featured in this
week's Computerworld Security Bookshelf.
07/02/06 - Month of Browser Bugs (MoBB) announced
Security researcher H.D. Moore (author of the Metasploit Framework) started
a Browser Fun Blog, kicked off by disclosing a month of browser
vulnerabilities. H.D. published at least one vulnerability per day during
the month of July, almost entirely concerning Microsoft's Internet Explorer
bugs. He subsequently published the fuzzing tool used to find many of the
vulnerabilities. It is unclear whether numerous beers purchased for
researchers like H.D. by Microsoft will prevent another month like July :)
06/05/06 - Hacking Exposed Web Apps 2 ships!
Hacking Exposed Web Apps 2 shipped on June 5, and should be available
immediately from your favorite bookseller!
05/17/06 - A
chapter excerpt from Hacking Exposed 5th Edition is featured on Fawcette
Technical Publications Online (FTPOnline). The chapter is "Hacking
Windows," and covers remote exploits, privilege escalation, rootkits,
countermeasures, and much more.
05/10/06 - Online Fraud Risk Same As Offline
A new study from the Merchant Risk Council (MRC) shows that the fraud
rates for online stores are now similar to the fraud rates suffered at
03/27/06 - Web Hacking Incidents Database (WHID)
Check out the Web Hacking
Incident Database (WHID) list of web application-related security
02/24/06 - Hacking Exposed Vegas!
Hacking Exposed Web Applications and co-authors Joel Scambray and Caleb
Sima star in the "Oceans 11" of computer security: The
Code Room Vegas. Check out this 28-minute video dramatizing 3 real-world
hackers who take down a Vegas casino (or download
your own copy).
01/24/06 - Audio interview with Hacking Exposed co-author Joel Scambray
In this audio
interview on TechRepublic, Joel Scambray, co-author of Hacking
Exposed, shares expert advice on combating common hacking techniques
01/24/06 - TechRepublic selects Hacking Exposed as IT Book of the
TechRepublic editors have chosen Hacking Exposed,
Fifth Edition as the IT Book of the Month award winner for January
2006. Learn how to recognize and combat common hacking techniques. Download
sample chapters covering
Hacking Windows XP and Windows Server 2003 and Hacking
Firewalls to learn more.