The book reads well sequentially. However, many of the chapters can stand on their own. The first three chapters provide background information on which the rest of the book is based. Chapter 4, Becoming a Malicious Client, and Chapter 5, Becoming a Malicious Server, explain how network traffic can be manipulated. Many of the attacks we discuss require manipulating network traffic. Chapter 8, Buffer Overflows and Stack and Heap Manipulation, and Chapter 9, Format String Attacks, go together and deal with attacks where attackers can directly manipulate memory to run arbitrary code. Chapter 18, ActiveX Repurposing Attacks, and Chapter 19, Additional Repurposing Attacks, also go together and discuss various repurposing attacks. In the back of the book, you will find a list of tools and where to find them (Appendix A) and a security test case cheat sheet, which includes some basic test cases to get you started (Appendix B).
Most chapters start with a high-level outline and conclude by summarizing some no- nonsense testing tips. Some chapters also include walkthroughs you can follow along with on your computer.