To get the most out of this book

To get the full experience following through the exercises, you should have a basic background in web application development - understanding the general patterns that power the modern web at a high level (for example, server-client, cookies as authentication, HTTP as a stateless protocol) as well as being comfortable with basic web technologies such as HTML/CSS, JavaScript, the browser, TCP/IP, and others. Having some penetration testing experience is helpful, but not strictly required. We also make regular use of the command line in this work, but there are often GUI-related workarounds.

If you have gaps in any of the above topics, I encourage you to still give the book a try. Additional resources, illustrative examples, and links to outside pentesting resources are designed to provide more context if you're stumped on any particular section.