“Whether you are a business leader attempting to understand the threat space for your business, or an engineer tasked with writing the code for those sites, or a security engineer attempting to identify and mitigate the threats to your applications, this book will be an invaluable weapon in your arsenal.”
Chris Peterson, Senior Director of Application Security, Zynga Game Network;
Former Director of Security Assurance, Microsoft Corporation

"I cut my teeth reading Joel's work, and this book is no disappointment. People often ask where to find high quality content that will help them gain a foothold in this daunting industry. This is the kind of desk reference every web application security practitioner needs. It will certainly hold a place of prominence in my personal library."
Robert "RSnake" Hansen, CEO SecTheory and founder of

“An eye-opening resource for realizing the realities of today’s web application security landscape, this book explores the latest vulnerabilities as well as exploitation techniques and tradecraft being deployed against those vulnerabilities. This book is a valuable read for both the aspiring engineer who is looking for the first foray into the world of web application security and the seasoned application security penetration testing expert who wants to keep abreast of current techniques.”
Chad Greene, Director, eBay Global Information Security

"As our businesses push more of their information and commerce to their customers through web-applications, the confidentiality and integrity of these transactions is our fundamental, if not mandatory responsibility. Hacking Exposed provides a comprehensive blueprint for Application developers and Security professionals charged with living up to this responsibility. The authors' research, insight and 30+ years as an information security expert, make this an invaluable resource in the application and information protection tool kit. Great Stuff!"
Ken Swanson, CISM, IS Business Solution Manager, regionally-based P&C Insurance company

"This book is so much more than the authoritative primer on web application security, it's also an opportunity to accompany the foremost industry experts, in an apprenticeship that even seasoned professionals will enjoy."
Andrew Stravitz, CISSP, Director of Information Security, Barnes &

“A very timely reference, as cloud computing continues to expand into the enterprise and web security emerges as the new battle-ground for attackers and defenders alike. This comprehensive text is the definitive starting point for understanding the contemporary landscape of threats and mitigations to web applications. Particularly notable for its extensive treatment of identity management, marking the first time that challenges around authentication have been surveyed in-depth and presented in such an accessible fashion.”
Cem Paya, Google Security Team

Copyright © 2003. All Rights Reserved.