Errata for Web Security Testing Cookbook
The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction is displayed in the column titled "Date Corrected".
The following errata were submitted by our customers and approved as valid errors by the author or editor.
| Version | Location | Description | Submitted By | Date Submitted | Date Corrected |
|---|---|---|---|---|---|
| Printed | Page 23, paragraph 6 | The link to the ViewState Decoder is http://www.pluralsight.com/tools.aspx. This page does not exist. A better link is http://www.pluralsight.com/community/media/p/51688.aspx | Anonymous | Nov 23, 2008 | |
| Printed, Safari Books Online | Page 77, comment inside the for loop | The top of the ASCII printable range is 0x7F, not 0x1F. Note from the Author or Editor: The line in Example 5-2 should be changed to `# random char between "space" and 0x7F, which is the top of the`. Ironically, it's just a comment that's wrong. The code does the right thing. | Miguel Macias | Nov 07, 2010 | |
| Printed, Safari Books Online | Page 90, 2nd paragraph of Cross-site scripting | The first IMG tag is not correct. To illustrate the XSS it could be `<IMG SRC='name.jpg' />`. Note from the Author or Editor: The correction is right. The `/>` is missing. | Miguel Macias | Nov 08, 2010 | |
| Printed | Page 110, 3rd paragraph | On a Mac, the command `wget -r -R '*.gif,*.jpg,*.png,*.css,*.js'` should be `wget http://www.nova.org -r -R '*.gif,*.jpg,*.png,*.css,*.js'`. Note from the Author or Editor: The suggested correction is exactly right. | Don Franke | Dec 27, 2008 | |
| Printed | Page 113, 2 | There is no `-g` flag for Nikto 2.03 (running on the Mac). Note from the Author or Editor: This is bizarre. That option does not seem to exist at all in any of the versions of nikto I have laying around. Not only did I put it in the example code, but I put it in the discussion, too. Before this could be reprinted, this recipe should be rewritten some. | Don Franke | Dec 27, 2008 | |
| Printed, Safari Books Online | Page 142, Example 7.7 | The value of the `action` attribute is not closed. It would be better if the `passwd` field were of type `password`. The `submit` field does not have a name, so the browser never sends it. The curl command equivalent would be `curl -o output.html -d "userid=root" -d "passwd=fluffy" http://www.example.com/servlet/login.do`. Note from the Author or Editor: This needs multiple corrections. The first line needs a double quote on the end (after `.do`). The line the commenter is reporting needs to be `<p><input type="submit" name="Login" value="login"></p>`. The password line should be changed to `<p>Password: <input type="password" name="passwd"></p>`. | Miguel Macias | Nov 07, 2010 | |
| Printed | Page 180, bottom paragraph | "users" should be "user's". Note from the Author or Editor: Yes. It should have an apostrophe. | Jeremy Schneider | Apr 01, 2009 | |
| Printed | Page 192, last paragraph | In "(as discussed in)", there should be a reference to Recipe 5.6. Note from the Author or Editor: Correct. It should say "as discussed in Recipe 5.6". | Jeremy Schneider | Apr 01, 2009 | |
| Printed | Page 220, last paragraph | In "Microsoft's also ....", there should be something after "Microsoft's". Note from the Author or Editor: It should say "Microsoft's Internet Explorer". | Jeremy Schneider | Apr 01, 2009 | |
| Printed | Page 223, 5th paragraph | "Bank of America Online" should probably be something like "Bank of America's Online Banking". Note from the Author or Editor: The errata description is correct. According to BoA's website, the correct term is "Bank of America's Online Banking." See http://www.bankofamerica.com/accessiblebanking/index.cfm?template=ab_home_office&statecheck=AZ#online | Jeremy Schneider | Apr 01, 2009 | |