We are indebted to the directors and others at Next Generation Security Software,
who provided the right environment for us to realize the first edition of this
book. Since then, our input has come from an increasingly wider community
of researchers and professionals who have shared their ideas and contributed
to the collective understanding of web application security issues that exists
today. Because this is a practical handbook rather than a work of scholarship,
we have deliberately avoided filling it with a thousand citations of influential
articles, books, and blog postings that spawned the ideas involved. We hope
that people whose work we discuss anonymously are content with the general
credit given here.
We are grateful to the people at Wiley — in particular, to Carol Long for
enthusiastically supporting our project from the outset, to Adaobi Obi Tulton
for helping polish our manuscript and coaching us in the quirks of “American
English,” to Gayle Johnson for her very helpful and attentive copy editing, and
to Katie Wisor’s team for delivering a first-rate production.
A large measure of thanks is due to our respective partners, Becky and Amanda,
for tolerating the significant distraction and time involved in producing a book
of this size.
Both authors are indebted to the people who led us into our unusual line
of work. Dafydd would like to thank Martin Law. Martin is a great guy who
first taught me how to hack and encouraged me to spend my time developing
techniques and tools for attacking applications. Marcus would like to thank his
parents for everything they have done and continue to do, including getting me
into computers. I’ve been getting into computers ever since.