Web application (in)security
Core defense mechanisms
Web application technologies
Mapping the application
Bypassing client-side controls
Attacking authentication
Attacking session management
Attacking access controls
Attacking data stores
Attacking back-end components
Attacking application logic
Attacking users: cross-site scripting
Attacking users: other techniques
Automating customized attacks
Exploiting information disclosure
Attacking native compiled applications
Attacking application architecture
Attacking the application server
Finding vulnerabilities in source code
A web application hacker's toolkit
A web application hacker's methodology