Internet / Network Security


Book Review: Innocent Code

About.com Rating: four out of five

From Tony Bradley, CISSP, MCSE2k, MCSA, A+, for About.com

Innocent Code

The Bottom Line

A lot of attention is paid to application and operating system vulnerabilities. Often, vulnerabilities in applications such as Internet Explorer or Netscape can result in an insecure web browsing experience. Sometimes, though, the insecure browsing experience is the fault of the web site itself. Sverre Huseby illustrates the many ways a web site's own code can be insecure and how to write that code so those security issues are avoided in the first place.
Pros
  • Not too technical, but not too simplistic either
  • Covers every aspect of web development security
Cons
  • None

Description

  • Covers the full range of potential vulnerabilities in web coding
  • Example scenarios are very helpful to illustrate just how a vulnerability might be exploited
  • Excellent book for developers, but also useful for managers, security administrators and even users

Guide Review - Book Review: Innocent Code

This book should arguably be required reading for all web developers. In Innocent Code, Sverre Huseby shows just how various flaws in web coding and in the way web sites handle information can lead to exploitation.

I am not a developer per se, but I still found the book very engaging and educational. The book is not based on any one platform or programming language, which means that A) it has a broad audience rather than a specific platform or application as its target, and B) it is written in plain English rather than techie jargon, so we can all understand it.

Huseby demonstrates a number of ways to exploit code, which is possible fodder for would-be hackers and crackers. Of course, professional attackers already know this material, which is exactly why a book like this is needed. The examples are eye-opening and demonstrate very quickly just how easy it is to capitalize on minor flaws in web coding.

Innocent Code, subtitled A Security Wakeup Call For Web Programmers, outlines 27 rules that Huseby says web developers should follow. The book is divided into sections: Basics, Passing Data to Sub-Systems, User Input, Output Handling, Web Trojans, and Passwords and Other Secrets.
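To show the kind of "minor flaw" the Passing Data to Sub-Systems and Output Handling sections deal with, here is an added example written for this review; it is not code from the book or from the reviewer. It assumes a constructed in-memory SQLite table of users and a hypothetical login form: the vulnerable login check pastes the user's input straight into the SQL it sends to the database sub-system, the fixed version passes it as bound parameters, and the two greeting functions show raw versus escaped output of the same input back into HTML.

```python
import sqlite3
import html


def make_db():
    """Constructed sample database: one user, standing in for a real site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation.

    Whatever the user typed becomes part of the SQL text handed to the
    sub-system, so a password of  ' OR '1'='1  turns the WHERE clause into
    one that is always true, and a username of  alice' --  comments the
    password check out entirely.
    """
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_fixed(conn, username, password):
    """Passes user input as bound parameters.

    The SQL text is fixed before any input is seen; the database treats the
    values purely as data, so quotes and comment markers in them have no
    effect on the query's structure.
    """
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def greet_vulnerable(username):
    """Echoes the name into the page as-is: a name containing markup becomes markup."""
    return "<p>Welcome, " + username + "</p>"


def greet_fixed(username):
    """Escapes the name for its HTML context, so <, >, & and quotes stay literal text."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1"
    print("vulnerable login with injected password:", login_vulnerable(db, "alice", bypass))
    print("fixed login with injected password:     ", login_fixed(db, "alice", bypass))
    payload = "<script>alert(1)</script>"
    print(greet_vulnerable(payload))
    print(greet_fixed(payload))
```

The two fixes follow the same rule: decide what the data is for (a value in a query, text on a page) and hand it over in a form where the receiving sub-system or browser cannot mistake it for instructions.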

As I said, this should be required reading for web developers. It is also an excellent book for security administrators, managers of web developers and even everyday web users who want a better understanding of the potential pitfalls out there.



©2009 About.com, a part of The New York Times Company.

All rights reserved.