Artech House author Serge Borso is one of the foremost names in IT security, and he gave us insight as to how and why he came to write his latest book, The Penetration Tester's Guide to Web Applications. Read below for more:
Within a year, right after I had earned my Master’s degree in Computer Systems Security, I moved to the operations team (at the same company) with a new title of “Security Specialist”.
In this role I set up sudoers files for hundreds of servers, helped create a fraud monitoring system and biometric two-factor authentication for our online banking applications, dove into dumpsters searching for PII, created security awareness training programs and started receiving penetration testing reports. These reports were from our clients (banks and credit unions) and highlighted vulnerabilities in our platform, applications and implementation. This is when I started taking a close look at offensive security and moving into the realm of penetration testing and attending OWASP meetings. That was over ten years ago. My first book, “The Penetration Tester’s Guide to Web Applications”, takes a close look at the OWASP Top Ten vulnerabilities from the perspective of the penetration tester, and walks the reader through how to identify and exploit each flaw in a meaningful way. It’s a must-have for anyone responsible for web app pen testing and, from the feedback I have received, a very useful reference for those defending applications as well. Check it out.