Features
- Cover Type: Paperback with 246 pages
- Published by: Wiley
- Edition: 1st Edition March 12, 2004
- Written in: English
- ISBN 10 Number: 0470857447
- ISBN 13 Number: 978-0470857441
-
Book Dimensions:
9.1 x 7.4 x 0.6 inches
- Weighs: 1 pounds
Product Review
the security book that all web developers need to readsound adviceignore at peril (Tech Book Report, January 2004)
"achieves its aims admirably" (PC Utilities, April 2004)
should be required reading for web developers (about.com, March 2004)
if you are a web techie you will love this book, I did (Infosecurity Today, July 04)
Product Description
- This concise and practical book shows where code vulnerabilities lie-without delving into the specifics of each system architecture, programming or scripting language, or application-and how best to fix them
- Based on real-world situations taken from the author's experiences of tracking coding mistakes at major financial institutions
- Covers SQL injection attacks, cross-site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code
- Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code
Reader ReviewsThis book is similar in many respects to Web Hacking: Attacks and Defense (ISBN 0201761769). While that book was aimed at security professionals who needed to understand the exposures and vulnerabilities in web systems that were commonly exploited by the bad guys and gals, this book is aimed more at developers. Like for former book, this one systematically covers exposures and vulnerabilities, and provides remedies at the code level. What sets this book apart is every component of a modern web site, from web server to backend database is covered, problem areas from a developer's perspective are highlighted, and solutions for resolving the problem areas given. I like this book because developers, from casual hobbyists to professionals, will easily grasp the information. More importantly, the material is not insultingly simple to experienced developers, nor is it over the head of less experienced ones. Another reason I like this book is in systematically uncovering exposures the QA team can also use this book as a sourcebook for developing a baseline set of test cases that will catch security-related problems during acceptance, functional qualification, or regression test cycles. In my opinion not only should web developers (including DBAs) and QA professionals read this book, but it should also be adopted by development organizations and projects as a part of coding standards.
Search for books at
