Tuesday, October 27, 2009

Review of Hacking Exposed: Web 2.0 Posted

Amazon.com just posted my three star review of Hacking Exposed: Web 2.0 by Rich Cannings, Himanshu Dwivedi, Zane Lackey, et al. From the review:

I have to agree with the other 3-star reviews of Hacking Exposed: Web 2.0 (HEW2). This book just does not stand up to the competition, such as The Web Application Hacker's Handbook (TWAHH) or Web Security Testing Cookbook (WSTC). I knew this book was in trouble when I was already reading snippets mentioning JavaScript arrays in the introduction. That set the tone for the book: compressed, probably rushed, mixing material of differing levels of difficulty. For example, p. 8 mentions using prepared statements as a defense against SQL injection. However, only a paragraph on the topic appears, with no code samples (unlike TWAHH).

Note: McGraw-Hill Osborne provided me a free review copy.

2 comments:

PortSwigger said...

Richard - Many thanks for your review of my book, Web App Hacker's Handbook.

I was amused to read in your Amazon review of Hacking Exposed: Web 2.0 that WAHH had 10 contributors! In fact, it had two: myself and Marcus Pinto. I would have been glad of another 8 authors, as I would have got nearly a year of my life back.

Anyway, thanks again for your positive review.

Richard Bejtlich said...

Oh you're right -- I meant that SQL Injection Attacks and Defense had 10, not your book. Sorry! I just posted a comment to the Amazon review for HEW2 with that correction.