XSS Book Preview
Well, we are finally done with the XSS book (XSS Attacks - Cross Site Scripting Attacks Exploits and Defense). It’s off at the presses, and should be on the shelves in a few weeks’ time. We were authorized to throw up a sample chapter and the table of contents from the book for anyone who would like to read it. You can download a zipped up version of Chapter 5 and the table of contents.
Since it wasn’t super clear, and because we had a tiny bit of a cast change, here is the final author list from the book: Jeremiah Grossman, Robert “RSnake” Hansen, Petko “pdp” D. Petkov, Anton Rager and Seth Fogie (both a technical editor and contributor). I hope anyone who buys the book likes what they read. Anyone curious about what the book is like, please take a look at the zip file. It’s a technical read, but I think it’s a good reference for anyone new to the field or anyone unfamiliar with the nuances of what we talk about every day.
Btw, I am in the process of making a big move across the country, so starting tomorrow and over the next several days the posts on the site will slow or completely stop. I’ll have next to no access to any computer. I’ll be back online hopefully by the end of the week. Catch you on the flip side!



April 23rd, 2007 at 1:27 pm
I just downloaded the ZIP, and I’ll take a look at it later. I’m waiting for my RAM to arrive right now, but I’ll definitely order it later. Any new concepts in the book that you haven’t publicly released here?
April 23rd, 2007 at 1:46 pm
Sorry for the second post, but looking at the PDF file I couldn’t help but say that this book will be awesome, and most definitely the most valued one I’ll have in my collection (other than “A Clockwork Orange”). I just ordered it (it was an impulse-buy), and I’ll be getting it 2 days after it’s available.
April 23rd, 2007 at 2:32 pm
Very well written, I’m eagerly awaiting the delivery.
April 23rd, 2007 at 2:44 pm
If the whole book is as approachable as the sample chapter, this might well become required reading where I work.
April 23rd, 2007 at 3:41 pm
Are you interested in corrections or should I better not tell you now that you cannot change it any more?
April 23rd, 2007 at 4:36 pm
You can tell me all you like, but there’s not much I can do about it now.
Eventually we can publish an errata, I suppose. But why don’t you wait until you read the whole thing. It would be better to get them in one lump sum that I can post openly.
April 23rd, 2007 at 7:50 pm
I can’t wait for this book
April 23rd, 2007 at 10:53 pm
Hehe great that you’ve uploaded chapter 5 which happens to deal with DNS Pinning. Remember my mail couple of days ago?
Anyway, great work from all of you, I appreciate that.
April 23rd, 2007 at 11:44 pm
Hey, this sample chapter looks good.
Congratulations on the book!
April 24th, 2007 at 1:38 am
*bought* Even Amazon Germany is some kind of uncooperative.
http://www.amazon.de/Cross-Site-Scripting-Attacks-Exploits/dp/1597491543/
April 24th, 2007 at 3:10 am
Finally it’s out. Finally, I prayed so hard. Thank you Rsnake.
April 24th, 2007 at 3:12 am
Congratulations for the book. I will definitely buy it when it’s out.
Where I can find PostInterpreter GreaseMonkey script mentioned in ToC?
April 24th, 2007 at 3:28 am
Thank you for this chapter
April 24th, 2007 at 7:33 am
Cool, my copy is in L.A. … now I just can wait for somebody to deliver in Serbia
April 24th, 2007 at 8:28 am
Great! Am I right to assume that it will be available in Britain around the same time? Only the not-so-pretty UK version of Amazon has less details than the .com version.
April 24th, 2007 at 10:49 am
The Chapter 5 seems very good.
April 24th, 2007 at 12:52 pm
PostInterpreter is located at:
http://userscripts.org/scripts/show/743
April 24th, 2007 at 5:17 pm
Congratulations RSnake, to you and the whole team of authors.
It is good that the book is finished and is on the way to the shelves. Good reading for everyone ;-). There will be more useful information sources about XSS soon.
April 25th, 2007 at 11:19 am
Nice nice, maybe someone will send it me until christmas
I’ll definitely have a look at it, keep that good work on!
April 25th, 2007 at 9:46 pm
RSnake do you have a full PDF version of the book?
April 26th, 2007 at 11:41 am
@christ1an - I have copies of drafts with markup in them, why?
April 26th, 2007 at 7:31 pm
I have not bought a technical book in a while but XSS is important, I’ll buy it.
April 27th, 2007 at 4:57 am
XSS Book
I guess you all know Cross-Site Scripting attacks are becoming more and more dangerous every day. In the Web 2.0 era, stealing a user cookie\session or hijacking a user browser is almost equal to compromising his box by exploiting a remote code execut…
April 27th, 2007 at 9:13 am
Would be nice if you could upload PDF drafts. Or at least few more chapters
Not to worry. I will buy the book anyway. It’s just I can wait to read it… Well, I suppose you don’t have a permission from Syngress.
April 27th, 2007 at 10:29 am
@/nul - the .zip file in the post does contain two .pdfs (one being chapter 5 and one being the ToC). I don’t ever put raw .pdf’s on the site due to the UXSS vuln in PDFs.
It may be fixed for most people but there are surely some poor schmucks out there who haven’t upgraded.
April 29th, 2007 at 1:23 am
hey, sounds nice. but, will this book be translated into German?