Web Application Security, A Beginner’s Guide
Web Application Security, A Beginner’s Guide
Security Smarts for the Self-Guided IT Professional “Get to know the hackers—or plan on getting hacked. Sullivan and Liu have created a savvy, essentials-based approach to web app security packed with immediately applicable tools for any information security practitioner sharpening his or her tools or just starting out.” —Ryan McGeehan, Security Manager, Facebook, Inc. Secure web applications from today’s most devious hackers. Web Application Security: A Beginner’s Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks. This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security–a
List Price: $ 40.00
Price: $ 21.70
]
Impressive and relevant book on Application Security,
I was given the chance to read an early release of this book since I’ve been focusing on application security (appsec) professionally for several years. I was skeptical, since many of the appsec books in the market are attack focused, a topic that has already been well covered.
I was pleasantly surprised reading “Web Application Security, A Beginners Guide”. First of all, it was very clearly written and is sensible and accessible. It’s also very complete for a beginners book. I was surprised at just how much relevant information was covered on each topic. Last, it covers application defense in a very detailed and relevant way. This is a good “first book” for a web application programmer who wants to write secure applications.
I think that this is a good book not just for a beginner at application security, for even seasoned security professionals should give this a read. I have not seen so much relevant and pragmatic detail around application security defense until I picked up this book.
Was this review helpful to you?
|If you haven’t thought about security yet – this is the book for you.,
It’s rather strange for me reviewing Web Application Security – A Beginner’s Guide given that I’ve written a book on the same topic, but as I know one of the authors, Bryan Sullivan and McGraw Hill offered me a copy for review it seems rather churlish not to.
Bryan and Vincent Liu have produced a book which is technology agnostic, covering web security via principles rather than sample code. It is a complete beginner’s book, suitable for a developer who has never thought about security before or for a manager to try to figure out just what the heck their developers are talking about and why they want to spend some extra development time locking something down.
As the book is principle based it’s easy to read through, each chapter does contain a lot of information about the topic under discussion – for example the authorization chapter covers not just where to authorize but types of permissions, controls, client side attacks, exploits, session management and SSL. The book doesn’t stay just on the server application, it reaches out to browser security, database security, file server security and how to build security into your processes and development cycle.
This isn’t a book a developer can use to solve their problems, rather it’s a book that should send them off to learn more about their specific languages or frameworks. The advice contained inside is practical though and provides checklists for readers to use to ensure they’re thinking in the right way. You’ll end up knowing what the problems are and how to solve them in theory, but to learn how to solve them in practice for your system is left as an exercise for the reader. This isn’t a bad thing at all, when you hunt down and figure out the solution on your own, or research further with other books or resources the resulting solution may stick with you for longer, rather than just having the code given to you on a plate.
If you’re a developer than already knows some of the risks you may be better off with a book targeted at your area of expertise. If you haven’t thought about security yet, or even better, you’re a student who is just starting out on web application development then this book is for you. Frankly I’d like to ram it into the brain of every student currently doing any development courses at university, the knowledge gained would save us all a lot of trouble in a few years time.
Was this review helpful to you?
|A great book for those new to web security,
I think this is a great book for those new to web security.
It’s easy for security experts like Bryan and Vinnie to overwhelm people new to the field, and they do an excellent job of avoiding that risk. How to effectively avoid risks is a theme throughout the book, and the authors do a really good job of keeping it conversational, understandable, and applicable.
I’d also like to address a claim made by Blowdart “This isn’t a book a developer can use to solve their problems, rather it’s a book that should send them off to learn more about their specific languages or frameworks.” I get where he’s coming from, and respectfully disagree. The book isn’t a cookbook with 1,001 recipes for blocking SQL Injection, but it covers input validation, regexps, escaping input, and driving into stored procedures or prepared statements along with the risks. I think that’s a good level of understanding that a developer should have so that they know the strategy and approaches to take; writing code in a specific language is left as an exercise for the reader. Digging in deeper would mean that there’s a new book every 2-3 years to address the latest way to copy a string safely. This book strikes a good, practical balance.
Lastly, I should mention that Bryan works down the hall, gave me a copy, and cites a bunch of my work in the book.
Was this review helpful to you?
|