THE HACKERS CODEX:

Modern Web Application
Attacks Demystified

Available in Paperback & Kindle

About The Book

Modern web applications are a complicated mix of client- and server-side programming languages and frameworks, cloud infrastructure, and caches. Additionally, web applications are protected and monitored by several defense-in-depth tools, including web application firewalls, intrusion detection and prevention systems, and newer solutions that use artificial intelligence and machine learning to block attacks. The learning curve to find and exploit impactful flaws in web applications has never been higher. Despite the complexity, attackers are generating millions of dollars every year by exploiting web application flaws and their end users.

Exploit Real Web Application Security Bugs

In “The Hacker’s Codex: Modern Web Application Attacks Demystified” you’ll learn how to find and exploit real-world web application security bugs by using examples found in the real world. These same techniques are used by cyber gangs to generate millions of dollars every year and are widespread. This book is not another OWASP Top Ten reprint, nor is it written by an academic with no real-world experience. Whether you're a senior-level application security professional, a hobbyist, or a developer looking to secure your application from modern attacks, you'll learn something from this book.

A BOOK PREVIEW

You’ll learn how to find and exploit real-world web application security bugs by using examples found in real-world applications.

The Attacker’s Payload

Find and exploit an HTML injection flaw to send spear phishing payloads.

Using code review, you'll find and exploit a Host Header Injection vulnerability in an open source CMS that has over 25000 installs per month.

Bypass AI defense mechanisms, client-side encryption, and a web application firewall to enumerate social security numbers of an international bank's password reset page.

Learn cutting-edge techniques and edge cases to bypass CSRF mitigations.

Learn how to exploit advanced CORS vulnerabilities. These same techniques were used by the author to exploit a CORS vulnerability in a 3-letter government agency's email application.

Learn how to find and exploit modern-day client-side injection vulnerabilities to exfiltrate sensitive information, execute code on end user systems, and bypass state-of-the-art web application firewalls.

Turn XSS and other "user interaction" vulnerabilities into devastating non-click automated attacks.

Abuse caching behavior to turn "Self-XSS" and other no-impact vulnerabilities into devastating, scalable exploits.

Over 180 pages of content and 18 chapters of real-world web application attacks. After reading this book you'll know how to find and exploit common vulnerabilities that real-world threat actors are actively looking for. The first step to fixing these issues is being able to find and identify them.

About The Author

A Firefox bug bounty hall of famer and consultant with over 7 years of experience, Brandon has been programming and hacking since middle school. Having lived and traveled extensively throughout the developing world, as well as learning hacking from darker parts of the internet, he has a unique perspective on attacker motivation and techniques. He hopes his experiences can benefit and motivate organizations to fix bugs that are overlooked or ignored but are actively found and exploited by malicious actors.
