qatsi (qatsi) wrote,

What could possibly go wrong?

Book Review: Web Application Security - A Beginner's Guide, by Bryan Sullivan and Vincent Liu
The title may be a bit misleading: to get the most out of this book, I think you have to be quite a competent web application developer to begin with. Although the authors have a Microsoft background, the content of the book is carefully language-independent. Topics covered include authentication and authorization, various injection attacks, database and file system security principles, and a general incorporation of security into engineering and management processes. It was a relief to read that I knew most of this, one way or another, already, and that I don't think we score badly on most of the OWASP top 10 at work (though that's not to say there are no areas where we could do to improve). Nevertheless it's useful to formalise knowledge about application security risks and holes, and I'm much clearer on the methods and effects of cross-site scripting and cross-site request forgery.
Tags: books, computing