Web application (in)security
Core defense mechanisms
Web application technologies
Mapping the application
Bypassing client-side controls
Attacking authentication
Attacking session management
Attacking access controls
Injecting code
Exploiting path traversal
Attacking application logic
Attacking other users
Automating bespoke attacks
Exploiting information disclosure
Attacking compiled applications
Attacking application architecture
Attacking the web server
Finding vulnerabilities in source code
A web application hacker's toolkit
A web application hacker's methodology