This is an excellent introductory book for students and system administrators, written by well-respected authors. The text is easily read and comprehended; anyone concerned with Web server security should find it helpful.

The contents are divided into four main parts, with a case study introducing each one. Part 1, “The E-commerce Playground,” introduces Web languages and servers, shopping carts, payment gateways, and hacking protocols. Part 2, “URLs Unraveled,” moves into Web and Hypertext Markup Language (HTML) analysis. Part 3, “How Do They Do It?” discusses cyber graffiti, e-shoplifting, database access, remote command execution, impersonation, and buffer overflows. Part 4, “Advanced Web Kung Fu,” concludes with an introduction to automated hacking tools, worms, and intrusion detection systems. There are a number of appendices, including cheat sheets, resources, and Web-related tools. The book ends with a detailed index.

With screen displays and lines of code, this book truly puts the reader in the hacker’s seat, while, at the same time, introducing countermeasures. While I highly recommend this book, the reader must be aware that it is only a starting point in the study of this important subject.