Errata for Web Application Security, Second Edition

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Version Location Description Submitted by Date submitted
O'Reilly learning platform Page Preface01
https://learning.oreilly.com/library/view/web-application-security/9781098143923/preface01.html#:-:text=I%20sincerely%20that%20hope

The author says here "I sincerely that hope", where I think he meant to say "I sincerely hope that", which seems to be a typo.

Anonymous  Mar 20, 2024 
O'Reilly learning platform Page Chapter 4
Zone Transfer Attacks: 7th paragraph

I'm not aware of any version of the host command where the query type for the -t option is optional. I guess it is a typo, so instead of

host -t mega-bank.com
... The -t flag specifies we want to request the nameservers ...

it would be:

host -t NS mega-bank.com
... The -t NS flag specifies we want to request the nameservers ...

Miguel Macías  Jul 02, 2024 
O'Reilly learning platform Page Chapter 4
Brute Forcing Subdomains: last paragraph

The last example of the section shows a possible output of the proposed code, where discovered subdomains with 3, 4 or 5 characters in length appear:

...
{ subdomain: 'mail', ip: '12.32.244.156' },
{ subdomain: 'admin', ip: '123.42.12.222' },
{ subdomain: 'dev', ip: '12.21.240.117' },
...

But the previous code only generates fixed-length subdomains (4 characters in the example). Thus, the output shown cannot correspond to the designed program.

It's easy to adapt the program to try to discover subdomains of different lengths, but it would be important to point this out in the book.

Miguel Macías  Jul 02, 2024