The Tangled Web: A Guide to Securing Modern Web Applications

4.12 of 5 stars  ·  156 ratings  ·  13 reviews
"Thorough and comprehensive coverage from one of the foremost experts in browser security."

—Tavis Ormandy, Google Inc.

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle sec
Paperback, 320 pages
Published November 26th 2011 by No Starch Press (first published September 22nd 2011)


Books For the Aspiring Hacker (1st out of 7 books, 2 voters): The Tangled Web by Michal Zalewski; The Web Application Hacker's Handbook by Dafydd Stuttard; A Bug Hunter's Diary by Tobias Klein; Social Engineering by Christopher Hadnagy; A Guide to Kernel Exploitation by Enrico Perla

Information Security (11th out of 64 books, 12 voters): Security Engineering by Ross J. Anderson; Introduction to Security and Applied Cryptography by Bruce Schneier; Secrets and Lies by Bruce Schneier; Practical Malware Analysis by Michael Sikorski; A Bug Hunter's Diary by Tobias Klein


Community Reviews

This book has a ton of complaints and not many suggestions to fix those issues.
Pretty horrifying to find out just how fucked the modern web is.
Mikko Kärkkäinen
This was the first book I've read about web security, recommended by a fellow who lectured on the subject at our company. It wasn't organized exactly how I expected, but I think that was a good thing. I was expecting the book to list the vulnerabilities outlined in OWASP one by one, explaining what they are and how to prevent them. However, those were not discussed until at the very end of the book. Instead, the bulk of the book was really about understanding every little piece of the puzzle tha ...more
I’ve been interested in IT security for a long time, but obviously even more so since I started working professionally in this area. Since web applications have become ubiquitous in recent years, they constitute a big part of our penetration testing work. This is a very broad topic, so The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski is an ambitious project.

The first thing I noticed was that the book is comparatively thin. At around 300 pages it’s only about one th
This is an excellent book. However, it's not so much about securing modern web applications as it is about describing browser holes. As it should be, since much of it was taken from Google's Browser Security Handbook -- still, it's distracting to see so much space being devoted to the topic of Java applets and frames when the best way to secure a modern web application is to NOT USE JAVA APPLETS OR FRAMES. So I took off a star for that.

It also falls into the common trap of spending more time det
George Pollard
In terms of 'depressing books' this is right up there with Wiesel's 'Night'
عَبدُالكَرِيمْ  الهاشمي
Not as good as I was expecting. I am actually surprised by the good reviews given above?!

The book is not technical... just a list of complaints and not so many details about attacks or attack vectors.

If you're looking for the real deal... check out WAHH!
It's much more technical and detailed.

I will write a full review about it once done.
Zbyszek Sokolowski
On one hand, the book is pretty interesting: it shows that the Web and its browsers are a big security hole. Especially the historical causes, when people were unaware of security issues, led to many problems. Reading this book confirms the common bias that using Internet Explorer is not the wisest idea.
A wonderful book that, albeit highly specific to the state of browsers in the first decade of the 21st century, should still somewhat stand the test of time since, on the whole, industry doesn't seem to always take the time to learn from the past.
Very detailed overview of web browser design and security. Will be dated soon, but for now, is the best resource of its kind. I'm still amazed that the web can be so exploitable, yet work so well.
Vaibhav Gupta
The book discusses common web application vulnerabilities and also certain browser quirks which seem surprising and scary.
This book is dripping with information. A second read is required to maximize its usefulness.
Nicholas Quirk
Good book for anyone new to web development after the dot com era.
  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
  • Metasploit: The Penetration Tester's Guide
  • Reversing: Secrets of Reverse Engineering
  • Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
  • Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
  • Security Engineering: A Guide to Building Dependable Distributed Systems
  • Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
  • The Shellcoder's Handbook: Discovering and Exploiting Security Holes
  • Gray Hat Python: Python Programming for Hackers and Reverse Engineers
  • Hacking: The Art of Exploitation
  • Gray Hat Hacking: The Ethical Hacker's Handbook
  • High Performance Browser Networking
  • Cryptography Engineering: Design Principles and Practical Applications
  • Hacker's Delight
  • Linux Kernel Development
  • The Linux Programming Interface: A Linux and UNIX System Programming Handbook
  • Concepts, Techniques, and Models of Computer Programming

Other books by Michal Zalewski: Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks; Stille Im Netz; Cisza w sieci; Browser Security Handbook
