web application security lab

XSS Book Preview

Well, we are finally done with the XSS book (XSS Attacks - Cross Site Scripting Attacks Exploits and Defense). It’s off at the presses, and should be on the shelves in a few weeks’ time. We were authorized to throw up a sample chapter and the table of contents from the book for anyone who would like to read it. You can download a zipped up version of Chapter 5 and the table of contents.

Since it wasn’t super clear, and because we had a tiny bit of a cast change, here is the final author list from the book: Jeremiah Grossman, Robert “RSnake” Hansen, Petko “pdp” D. Petkov, Anton Rager and Seth Fogie (both a technical editor and contributor). I hope anyone who buys the book likes what they read. Anyone curious about what the book is like should take a look at the zip file. It’s a technical read, but I think it’s a good reference for anyone new to the field or anyone unfamiliar with the nuances of what we talk about every day.

Btw, I am in the process of making a big move across the country, so starting tomorrow and over the next several days the posts on the site will slow or completely stop. I’ll have next to no access to any computer. I’ll be back online hopefully by the end of the week. Catch you on the flip side!

27 Responses to “XSS Book Preview”

  1. Awesome AnDrEw Says:

    I just downloaded the ZIP, and I’ll take a look at it later. I’m waiting for my RAM to arrive right now, but I’ll definitely order it later. Any new concepts in the book that you haven’t publicly released here?

  2. Awesome AnDrEw Says:

    Sorry for the second post, but looking at the PDF file I couldn’t help but say that this book will be awesome, and most definitely the most valued one I’ll have in my collection (other than “A Clockwork Orange”). I just ordered it (it was an impulse-buy), and I’ll be getting it 2 days after it’s available.

  3. Sid Says:

    Very well written, I’m eagerly awaiting the delivery.

  4. kogir Says:

    If the whole book is as approachable as the sample chapter, this might well become required reading where I work.

  5. Wladimir Palant Says:

    Are you interested in corrections or should I better not tell you now that you cannot change it any more?

  6. RSnake Says:

    You can tell me all you like, but there’s not much I can do about it now. :) Eventually we can publish an errata, I suppose. But why don’t you wait until you read the whole thing. It would be better to get them in one lump sum that I can post openly.

  7. Vinicius K-Max Says:

    I can’t wait for this book :)

  8. christ1an Says:

    Hehe, great that you’ve uploaded chapter 5, which happens to deal with DNS Pinning. Remember my mail from a couple of days ago? ;-)

    Anyway, great work from all of you, I appreciate that.

  9. blad3 Says:

    Hey, this sample chapter looks good.
    Congratulations on the book!

  10. Popcorn Says:

    *bought* Even Amazon Germany is somewhat uncooperative. :(
    http://www.amazon.de/Cross-Site-Scripting-Attacks-Exploits/dp/1597491543/

  11. hackathology Says:

    Finally it’s out. Finally, I prayed so hard. Thank you RSnake.

  12. /nul Says:

    Congratulations on the book. I will definitely buy it when it’s out.
    Where can I find the PostInterpreter GreaseMonkey script mentioned in the ToC?

  13. World Domination Says:

    Thank you for this chapter :)

  14. Ivan Says:

    Cool, my copy is in L.A. … now I just have to wait for somebody to deliver it to Serbia :|

  15. pcgfx805 Says:

    Great! Am I right to assume that it will be available in Britain around the same time? Only the not-so-pretty UK version of Amazon has fewer details than the .com version.

  16. FR3DC3RV Says:

    Chapter 5 seems very good.

  17. SethF Says:

    PostInterpreter is located at:
    http://userscripts.org/scripts/show/743

  18. MustLive Says:

    Congratulations, RSnake, to you and the whole team of authors.

    It is good that the book is finished and on its way to the shelves. Good reading for everyone ;-). There will be more useful information sources about XSS soon.

  19. beNi Says:

    Nice nice, maybe someone will send it to me before Christmas ;-)

    I’ll definitely have a look at it, keep up the good work!

  20. christ1an Says:

    RSnake do you have a full PDF version of the book?

  21. RSnake Says:

    @christ1an - I have copies of drafts with markup in them, why?

  22. missenlinx Says:

    I have not bought a technical book in a while, but XSS is important, so I’ll buy it. :D

  23. Recognize-Security Says:

    XSS Book

    I guess you all know Cross-Site Scripting attacks are becoming more and more dangerous every day. In the Web 2.0 era, stealing a user cookie\session or hijacking a user browser is almost equal to compromising his box by exploiting a remote code execut…

  24. /nul Says:

    Would be nice if you could upload PDF drafts. Or at least a few more chapters :) Not to worry. I will buy the book anyway. It’s just that I can wait to read it… Well, I suppose you don’t have permission from Syngress.

  25. RSnake Says:

    @/nul - the .zip file in the post does contain two .pdfs (one being chapter 5 and one being the ToC). I don’t ever put raw .pdfs on the site due to the UXSS vuln in PDFs. ;) It may be fixed for most people, but there are surely some poor schmucks out there who haven’t upgraded.

  26. chillervalley Says:

    Hey, sounds nice. But will this book be translated into German?

  27. XaDoS Says:

    I will buy your book
    but..
    I live in Italy.
    Either a library in my city gets the book (the publishing house sends it to me) or I want to buy it like on eBay.
    Is it possible?