This is a concise introduction to web security that includes hands-on web hacking tutorials. The book has three primary objectives: to help readers develop a deep understanding of what is happening behind the scenes in a web application, with a focus on the HTTP protocol and other underlying web technologies; to teach readers how to use the industry standard in free web application vulnerability discovery and exploitation tools - most notably Burp Suite, a fully featured web application testing tool; and finally, to gain knowledge of finding and exploiting the most common web security vulnerabilities. You will learn the basics of penetration testing so that you can test your own website's integrity and security; discover useful tools such as Burp Suite, DVWA, and SQLMap; and gain a deeper understanding of how your website works and how best to protect it.