- Not too technical, but not too simplistic either
- Covers every aspect of web development security
- None
- Covers the full range of potential vulnerabilities in web coding
- Example scenarios are very helpful to illustrate just how a vulnerability might be exploited
- Excellent book for developers- but also useful for managers, security administrators and even users
I am not a developer per se, but I still found the book very engaging and educational. The book is not based on any one platform or programming language which means that A) it has a broad audience rather than a specific platform or application target and B) it is written in English rather than techie so we can all understand it.
Huseby demonstrates a number of ways to exploit code- possible fodder for would-be hackers and crackers. Of course, the professional hackers already know this stuff which is why a book like this is required. The examples are eye-opening and will demonstrate very quickly just how easy it is to capitalize on minor flaws in web coding.
Innocent Code, subtitled A Security Wakeup Call For Web Programmers, outlines 27 rules that Huseby says web developers should follow. The book is divided into sections- Basics, Passing Data to Sub-Systems, User Input, Output Handling, Web Trojans and Passwords and Other Secrets.
As I said- this should be required reading for web developers. However, it is an excellent book for security administrators, managers of web developers and even users of the web to gain a better understanding of the potential pitfalls out there.