How to Attack and Defend Your Website (2015)


When you are trying to build a secure website or web application, it helps to see the problem through the eyes of the adversary, to understand the weaknesses that can be used to attack a website. Therefore, the goal of this book is to teach you how to hack websites. Through hands-on exercises we will show you several of the most common weaknesses and how they can be exploited by an attacker – in this case, you. After you learn this, you will be better prepared to protect your own, your clients’ or your employer’s websites from these types of attacks.

We will start by learning the basic web technology stack, and then we will delve a little deeper and talk about the HTTP protocol. Central to this book is being able to understand the technologies so that we can make them do exactly what we want, instead of what the developer intended, and that in itself is a good definition of “web application hacking.” The next step is to learn what tools to use for web app hacking and how to set up those tools1. After that, the fun begins – exploitation and learning how to break web applications.

To finish up, we will talk about finding vulnerabilities in websites, which will again help you see from the adversary’s perspective how they look for weaknesses to exploit.

1 Please Download “Getting Your Hacking Lab Set Up at: