Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side. · Introduction · Web Application (In)security · Core Defense Mechanisms · Web Application Technologies · Mapping the Application · Bypassing Client-Side Controls · Attacking Authentication · Attacking Session Management · Attacking Access Controls · Attacking Data Stores · Attacking Back-End Components · Attacking Application Logic · Attacking Users: Cross-Site Scripting · Attacking Users: Other Techniques · Automating Customized Attacks · Exploiting Information Disclosure · Attacking Native Compiled Applications · Attacking Application Architecture · Attacking the Application Server · Finding Vulnerabilities in Source Code · A Web Application Hacker's Toolkit · A Web Application Hacker's Methodology