The title was misleading. I assumed a "Web App Hacker" was someone who creates web apps, not someone who breaks into web apps ("Web App Cracker"). AFAIK, Hacker News is not a news site for people who break into web apps.
Someone who creates web apps should be intimately familiar with the techniques used by people who break into web apps.
Dafydd Stuttard (book author) / PortSwigger created the Burp Suite web application security testing program, which I've found invaluable in performing security analysis of web apps during development.
My previous comment is a little tongue in cheek, but it would be cool if they weren't perpetuating the media stereotype that hacker == cracker. A bunch of other sticklers on "Hacker News" bring it up when people misuse the term.
Agreed. For instance, someone who breaks into web apps but doesn't use this skill to sell user data or steal from users is not a cracker IMO, but a hacker (he could do this to satisfy his curiosity, for fun, or to tell the webmasters how to secure their web app better).
I bought the first one and it was brilliant. I've known Daf (the author) for a few years now; he's also the author of the amazing Burp Suite[1]. If you're a developer, do try the free version, then consider getting the pro suite, which has a stupid volume of features for a relatively small amount of money.
WAHH should be standard reading for anyone that wants to learn about Web Application attacks. I'd also highly recommend the Shellcoder's Handbook (although that could do with an update too).
I will definitely be buying both the 2nd edition of WAHH and the try it bits too when it comes out.