As authors mention along the book, the web browser may be the most important piece of software currently. It dominates the client side in the server-client model.
This book covers the way how hackers and crackers attack the browser from a perspective of pretending to be a non-malicious web server sending valid communication to the web browser. The browser exploitation framework project (BeEF) is used to illustrate many of the practical attacks and techniques in the book.
The book is organized in 10 chapters based on the attacking method. They are: Web Browser Security, Initiating Control, Retaining Control, Bypassing the Same Origin Policy, Attacking Users, Attacking Browsers, Attacking Extensions, Attacking Plugins, Attacking Web Applications and Attacking Networks. The book closes with an epilogue exploring thoughts around the future of browser security.
One of the most interesting chapters in the book is the Web Browser Security section. It explores the micro-perimeter paradigm needed to defend organizations today, and examine some fallacies that continue to propagate insecure practices. Together with relevant browser concepts and core problems with browser security, it introduces the methodology used in the book. If you own some security background, I would say you can read chapters out of order but I would consider this first chapter as a must. It offers a great overview and context.
One of the strengths in this book is the level of detail with documentation, references and links. This material is updated.
In the weak side, this book is too long. I found this book lacking of rhythm along the most technical chapters but if you like the topics it won’t be an issue.
In summary, I think this book is a good resource for pen-testers and offensive security practitioners. If offers an accurate vision of browsers security together with a methodology organizing the different and required offensive steps in a practical attack. With a possible second edition, I guess the authors should take in consideration a shorter book. I found this book a bit verbose but an interesting and useful resource.
I found this book available here:
The next technical review 