What could possibly go wrong? - The Titfield Thunderbolt
Heisenberg might have stayed here
What could possibly go wrong?
Book Review: Web Application Security - A Beginner's Guide, by Bryan Sullivan and Vincent Liu
The title may be a bit misleading: to get the most out of this book, I think you have to be quite a competent web application developer to begin with. Although the authors have a Microsoft background, the content of the book is carefully language-independent. Topics covered include authentication and authorization, various injection attacks, database and file system security principles, and a general incorporation of security into engineering and management processes. It was a relief to read that I knew most of this, one way or another, already, and that I don't think we score badly on most of the OWASP top 10 at work (though that's not to say there are no areas where we could do to improve). Nevertheless it's useful to formalise knowledge about application security risks and holes, and I'm much clearer on the methods and effects of cross-site scripting and cross-site request forgery.
