Review of Hacking Exposed: Web 2.0 Posted

Amazon.com just posted my three star review of Hacking Exposed: Web 2.0 by Rich Cannings, Himanshu Dwivedi, Zane Lackey, et al. From the review:

I have to agree with the other 3-star reviews of Hacking Exposed: Web 2.0 (HEW2). This book just does not stand up to the competition, such as The Web Application Hacker's Handbook (TWAHH) or Web Security Testing Cook (WSTC). I knew this book was in trouble when I was already reading snippets mentioning JavaScript arrays in the introduction. That set the tone for the book: compressed, probably rushed, mixing material of differing levels of difficulty. For example, p 8 mentions using prepared statements as a defense against SQL injection. However, only a paragraph on the topic appears, with no code samples (unlike TWAHH).

Note: McGraw-Hill Osborne provided me a free review copy.

Comments

PortSwigger said…
Richard - Many thanks for your review of my book, Web App Hacker's Handbook.

I was amused to read in your Amazon review of Hacking Exposed: Web 2.0 that WAHH had 10 contributors! In fact, it had two: myself and Marcus Pinto. I would have been glad of another 8 authors, as I would have got nearly a year of my life back.

Anyway, thanks again for your positive review.
Oh you're right -- I meant that SQL Injections Attack and Defense had 10, not your book. Sorry! I just posted a comment to the Amazon review for HEW2 with that correction.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics