
The Tangled Web: A Guide to Securing Modern Web Applications

4.07  ·  Rating Details  ·  242 Ratings  ·  22 Reviews
"Thorough and comprehensive coverage from one of the foremost experts in browser security."

—Tavis Ormandy, Google Inc.

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle sec
Paperback, 320 pages
Published November 26th 2011 by No Starch Press (first published September 22nd 2011)

Information Security (5th out of 70 books, 19 voters):
  • Security Engineering by Ross J. Anderson
  • Secrets and Lies by Bruce Schneier
  • Introduction to Security and Applied Cryptography by Bruce Schneier
  • The Practice of Network Security Monitoring by Richard Bejtlich
  • The Tangled Web by Michal Zalewski

Books For the Aspiring Hacker (2nd out of 10 books, 4 voters):
  • Social Engineering by Christopher Hadnagy
  • The Tangled Web by Michal Zalewski
  • The Web Application Hacker's Handbook by Dafydd Stuttard
  • The Art of Deception by Kevin D. Mitnick
  • Hacking Wireless Networks - The ultimate hands-on guide by Andreas Kolokithas


Community Reviews

(showing 1-30 of 905)
Jari Pirhonen
Excellent source for browser and web application related security features. Underlines the current reality that the web app environment is (too) complex and full of features that are easy to forget, misconfigure or overlook. I must admit that I just browsed parts of the book because of its technicality, but this is a keeper in case I need to check some nitty-gritty details of browsers, web protocols, plugins, JavaScript, etc.

The book has a chapter of planned new security features, also. It was ment
May 09, 2013 Muhammad rated it it was ok
This book has a ton of complaints and not many suggestions to fix those issues.
Dec 05, 2012 Keith rated it it was amazing
Pretty horrifying to find out just how fucked the modern web is.
Mikko Kärkkäinen
Dec 17, 2014 Mikko Kärkkäinen rated it it was amazing
This was the first book I've read about web security, recommended by a fellow who lectured on the subject at our company. It wasn't organized exactly how I expected, but I think that was a good thing. I was expecting the book to list the vulnerabilities outlined in OWASP one by one, explaining what they are and how to prevent them. However, those were not discussed until at the very end of the book. Instead, the bulk of the book was really about understanding every little piece of the puzzle tha ...more
Jun 20, 2012 Michael rated it it was amazing
Shelves: security
I’ve been interested in IT security for a long time, but obviously even more so since I started working professionally in this area. Since web applications have become ubiquitous in recent years, they constitute a big part of our penetration testing work. This is a very broad topic, so The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski is an ambitious project.

The first thing I noticed was that the book is comparatively thin. At around 300 pages it’s only about one th
Nov 24, 2013 Will rated it really liked it
This is an excellent book. However, it's not so much about securing modern web applications as it is about describing browser holes. As it should be, since much of it was taken from Google's Browser Security Handbook -- still, it's distracting to see so much space being devoted to the topic of Java applets and frames when the best way to secure a modern web application is to NOT USE JAVA APPLETS OR FRAMES. So I took off a star for that.

It also falls into the common trap of spending more time det
Ahmed Sultan
Nov 08, 2015 Ahmed Sultan rated it liked it
Shelves: tech
Read about 2 times. Not bad to get an idea about the client-side and browser's holes.
But for web app pentesting generally!!!
It might not help a lot.
But I still suggest reading it, especially for those who are already done with the classic web vulnerabilities and need a deeper look at the browser's side.
I would classify it in the same category as "Browser Hacker's Handbook", but to be honest there are some nice tricks and notes regarding web technologies in this book and that's why I am giving it 3*.
Jun 11, 2016 Aleksey rated it it was ok
The author possesses a great amount of knowledge about web security, but unfortunately lacks the talent to explain the material in a coherent manner.
Lars Moelleken
Jan 01, 2016 Lars Moelleken rated it it was amazing  ·  review of another edition
A must for every web developer!
Patrick Vinge
Feb 11, 2015 Patrick Vinge rated it it was amazing
Shelves: 2015
Frank Caron
Feb 19, 2015 Frank Caron rated it it was amazing  ·  review of another edition
A really important read for anyone working on web front-ends in 2015. Great overview of a ton of major issues and concerns, including a bunch of stuff that less-technical folk (like product owners) would benefit from knowing, particularly when it comes to thinking through test scenarios in highly-stringent environments (e.g., where PCI compliance is a concern). Very thorough and complete without being obtuse.
George Pollard
Jul 16, 2014 George Pollard rated it really liked it
In terms of 'depressing books' this is right up there with Wiesel's 'Night'
Not as good as I was expecting. I am actually surprised by the good reviews given above?!

The book is not technical .. just a list of complaints and not so much detail about attacks or attack vectors

If you're looking for the real deal .. check out: WAHH!
It's much more technical and detailed..

I will write a full review about it once done
Mostafa Siraj
Mar 04, 2015 Mostafa Siraj rated it it was amazing
One of the best web security books I read. Although the book is focusing mainly on browser security, you can learn 10s of relevant sophisticated web attacks by understanding browser security. The book is of course for advanced security professionals and not for beginners.
Zbyszek Sokolowski
Aug 06, 2013 Zbyszek Sokolowski rated it really liked it  ·  review of another edition
Shelves: technical
On one hand the book is pretty interesting; it shows that the Web and its browsers are a big security hole. Especially the historical causes, when people were unaware of security issues, led to many problems. Reading this book confirms the common bias that using Internet Explorer is not the wisest idea.
Oct 12, 2012 Michael rated it really liked it
A wonderful book, that albeit highly specific to the state of browsers in the first decade of the 21st century, should still somewhat stand the test of time since, on the whole, industry doesn't seem to always take the time to learn from the past.
Mar 11, 2012 David rated it really liked it
Very detailed overview of web browser design and security. Will be dated soon, but for now, is the best resource of its kind. I'm still amazed that the web can be so exploitable, yet work so well.
Laszlo Mári
Mar 24, 2016 Laszlo Mári rated it really liked it
Pretty cool book, though at some points it's a bit dated
Sep 09, 2015 Kendra rated it really liked it
A great book, with a dry sense of humor and clear structure. A lot of it was over my head, but I still felt like it was worth reading.
Vaibhav Gupta
Jun 15, 2013 Vaibhav Gupta rated it it was amazing
The book discusses common web application vulnerabilities and also certain browser quirks which seem surprising and scary.
Nov 21, 2013 Josh rated it really liked it
This book is dripping with information. A second read is required to maximize its usefulness.
Nicholas Quirk
Aug 16, 2013 Nicholas Quirk rated it really liked it
Shelves: computing
Good book for anyone new to web development after the dot com era.
  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
  • The Practice of Network Security Monitoring: Understanding Incident Detection and Response
  • Metasploit: The Penetration Tester's Guide
  • A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
  • Penetration Testing: A Hands-On Introduction to Hacking
  • Rootkits: Subverting the Windows Kernel
  • Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
  • The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities
  • Reversing: Secrets of Reverse Engineering
  • Gray Hat Python: Python Programming for Hackers and Reverse Engineers
  • Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
  • Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
  • Security Engineering: A Guide to Building Dependable Distributed Systems
  • The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
  • The Shellcoder's Handbook: Discovering and Exploiting Security Holes
  • The Art of Assembly Language
  • Hacking: The Art of Exploitation
