XSS Attacks Book Preview

published: April 25th, 2007

If you haven’t heard from RSnake’s or JG’s blogs yet, the long awaited XSS Attacks book will be out very soon and here I present you with the way the cover will look like in addition to the TOC and a sample chapter. I hope that you find it useful. We’ve put a lot of effort into this book in order to make it as complete as possible. It is a quite good technical read so give it a try.

Before going any further, I would like to thanks for the opportunity that has been given to me. It has been great time to work with Seth Fogie, RSnake, Jeremiah Grossman, Anton Rager and Andrew Williams. We all had ups and downs while putting the book together, due to our busy schedules I guess, but we’ve made it and I am really happy with the final result. It was a collective work at its best. I am looking forward to work on other projects with you guys.

I hope that this book will make more people aware of the current threats that concern Web application security. XSS attacks has been with us for a while, yet not that many people realise their potentials. We push really hard to raise the community and industry awareness through the work we publish in our blogs. However, we all have been working on small pieces of the whole puzzle. The book, that we’ve put together, is the definitive guide for every web application/client side security expert or newbie. It is a collection of some of the best publicly disclosed research around the area of browser security.

We could of put a lot more into this book. We could of generate the ultimate client-side security bible. Nahhh, we tried to stay more down to earth and provide the reader with a technically rich book that is as complete as the predefined book length allowed. This book is the best XSS/Client-side security reference available on the market today. I am sure that you are going to like it.

Cross-site scripting is here to stay for many, many, many years. I hardly doubt that we can ever get rid of this vulnerability, although I know that it will evolve with the years passing by. Here is my favourite quote from the book:

XSS is the New Buffer Overflow, JavaScript Malware is the new shell code

Enjoy the read!

» more | » comments rss | posted by pdp | syndication and integration ( )

Comments

MustLive responds:

Congratulate you Pdp and all team of authors.

It is good that this book is finished and is on way to the readers. Good reading for everyone. There will be more sources of professional and useful information about XSS soon.

Yes, man, I also like this quote :-). XSS is really the new Buffer Overflow. BO is a past and XSS is a future. Are you ready for a future?

Aodhhan responds:

I placed a pre-order for this book about 2 weeks ago. After reading the TOC, I am really looking forward to getting it into my hands.

f0rg3 responds:

Im really looking forward to reading this book. I am a big fan of XSS and no Buffer Overflows are not dead.

Respond

In order to preserve the high standards of GNUCITIZEN, before you post a comment, please take note of the following guidelines:

Commenting is provided as a courtesy only.
Please be brief and relevant to the post.
Please be polite even in disagreement with us or others.
Support claims you wish to make using sources and links.
No personal attacks, name calling, or commercial commenting.
Anyone creating false or multiple identities will be banned.
If you don't have a cogent argument, you will be censored.
If you are purposefully deceptive, you will be censored.
No spamming or flooding.

We appreciate your time and effort in contributing to GNUCITIZEN.

name: (required)

mail: (required)

website:

comment:

GNUCITIZEN Products

	Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.
	Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.
	Websecurify is a division of GNUCITIZEN. The initiative was established to provide a fee web application security framework for automated and manul penetration testing. The service is still in private-beta.
	Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.
	Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.