Monday, April 23, 2007

XSS Attacks book

"XSS is the New Buffer Overflow, JavaScript Malware is the New Shell Code"

At long last, we put the finishing touches on our new book (XSS Attacks), the cover art, and sample chapter (including ToC). It’ll be sent to the printers May 5 and shipped a few days after. Woohoo!

I’ve written two book forewords in the past, but this is my first experience as an author so I’m really excited about the release. Only a couple years ago the idea of an entire book dedicated to XSS would have been crazy. Today the general feeling is that there’s FINALLY going to be one available, especially for me, who must explain the finer points daily.

In writing this book, the shock to me was how much there is about XSS to cover. In fact there was so much data we had to cut back a significant amount, otherwise we’d have to write two books. What this also means is that the content found within the pages is high quality and densely packed. Great for people just getting up to speed on XSS and a solid reference for those who desire a deeper understanding of the attack technique specifics currently scattered all over.

I also wanted to give major kudos to the other authors who made this possible: RSnake, Anton Rager, and especially Seth Fogie and pdp (architect), who really went above and beyond. You guys rocked. And thank you to Andrew Williams (Managing Editor, Syngress Publishing), a publisher I’d highly recommend to anyone and hope to work with again in the future. Writing a technical book is hard, really hard, and there is no substitute for a good team.


Anonymous said...

Congratulations! :) I can't wait to get my hands on a copy.

Christian Matthies said...

Excellent Jeremiah, I'm really curious to read it. Thank you very much.

I think that book is going to put a lot of themes up for discussion on

Andrew Hay said...

Congrats Jeremiah,

If you need a technical reviewer please don't hesitate to contact me. I'm currently waiting on Harlan Carvey's "Windows Forensic Analysis" to be shipped from the publisher for review and I'd love the chance to review yours as well. You can get a hold of me at andrewsmhay [at] / if you're interested.

Anonymous said...

Kudos to the authors!

Good luck,

Anonymous said...

Congrats to Jeremiah et al. I'm looking forward to the book when it comes out. Minor nitpick of something that will probably get fixed anyway before it goes to press: are the references to XXS (e.g. SeXXS Offenders and Thinking outside the BoXXS) in the ToC typos or am I just missing something obvious? :>

Jeremiah Grossman said...

mirko, christ1an, reillyb, andrew, reillyb: Thank you very much. I'm hearing good things from the publisher about sales. Can't complain about that! :)

andrew: Will do. Currently working with Seth Fogie, one of the all-stars on this project. If a project comes up that Seth can currently tackle, I may give ya a jingle.

Seth Fogie said...

BAh! Can't believe that was all starts to blur after a while :)

It has been noted and will be fixed on second print!

Note to all - If you find any typos, errors, bugs, etc., feel free to send them our way so it can be corrected the next time a print order is sent in.


Anonymous said...


Whew -- my upcoming book and undisclosed XXS technique is safe!

If you want to send me advance PDFs of all the chapters, I'll be happy to proofread: reillyb [at] FWIW, I *hate* ebooks and even if I get PDFs I promise I'll hit Bookpool up for a print copy. :>

Anonymous said...

Congratulations to you, Jeremiah, and the whole team of authors.

It is good that this book is finished and is on the way to the shelves. Good reading for everyone. There will be more sources of professional and useful information about XSS soon.