Artech House author Serge Borso is one of the foremost names in IT security, and he gave us insight as to how and why he came to write his latest book, The Penetration Tester's Guide to Web Applications. Read below for more:
When I made the switch from freelancing as an IT/Security consultant to a salaried position with benefits, my first job title was “Web Developer”. I remember using Dreamweaver (when it was Macromedia) and pushing changes to production servers as part of client go-lives. I would make HTML, CSS, and JavaScript updates, then modify the Velocity codebase, tweak the httpd.conf file as needed, and handle other tasks that would fall under the category of “full stack” development in today's world.
Within a year, right after I had earned my Master’s degree in Computer Systems Security, I moved to the operations team (at the same company) with a new title of “Security Specialist”.
In this role I set up sudoers files for hundreds of servers, helped create a fraud monitoring system and biometric two-factor authentication for our online banking applications, dove into dumpsters searching for PII, created security awareness training programs, and started receiving penetration testing reports. These reports were from our clients (banks and credit unions) and highlighted vulnerabilities in our platform, applications, and implementation. This is when I started taking a close look at offensive security, moving into the realm of penetration testing, and attending OWASP meetings. That was over ten years ago. My first book, “The Penetration Tester’s Guide to Web Applications”, takes a close look at the OWASP Top Ten vulnerabilities from the perspective of the penetration tester, and walks the reader through how to identify and exploit each flaw in a meaningful way. It’s a must-have for anyone responsible for web app pen testing and, from the feedback I have received, a very useful reference for those defending applications as well. Check it out.
For more information, or to order, click here.