The Tangled Web: A Guide to Securing Modern Web Applications
The Tangled Web is destined to be the definitive guide to web application security. Rather than simply enumerate known vulnerabilities or lay down a series of commandments from on high, famed security expert Michal Zalewski takes an in-depth look at how browsers actually work, how to leverage their features, and what pitfalls lurk in the shadows. An outgrowth of Zalewski's...more
A bit dated as any 7 year old web related book, I picked it up to get a good grasp of the definition and impact of things like XSS, XSRF, Header splitting, etc.
Most of the book is still relevant but some stuff should be revalidated since they may be deprecated like XDomainRequest.
What I like about these older books concerning the web is that they're an easy read, that is, by having a bit of knowledge of some of the concepts, getting a deeper understanding is straight forward.
It St ...more
The first thing I noticed was that the book is comparatively thin. At around 300 pages it’s only about one th ...more
Even though some of the discussed problems have been mitigated during the years, and there are more secure methods available, the book is still very interesting, and some of the attacks are still relevant.
Which this book was published, IE had a 40% market share, followed by Firefox with 30%, and Chrome with only 20%. Given that more recent numbers show Chrome with 70%, FF with 10%, and IE + Edge together only at 10%... the Internet ...more
I have a background in developing web applications on both the server and the front end, so I feel like I ought to be able to get something out of this. But the book has a pattern of going on for a long time into internet basics that I'm already familiar with, then suddenly dives into particular vulnerabilities that are so poorly explained that I can't tell whether they're hap ...more
"Part of the problem is that said experts have long been dismissive of the whole web security ruckus, unable to understand what it was all about. They have been quick to label web security flaws as trivial manifestations of the confused deputy problem or of some ...more
But really: decently interesting read, though definitely in more of a reference format than Silence on the Wire. I learned a few new things, and would definitely come back if building a site with user accounts. Yes, at six years old some parts are getting a little dated (IE6 security problems aren't that much of a burden, thankfully), but it's not like XSS isn't an issue these days.
It also falls into the common trap of spending more time det ...more
The book has a chapter of planned new security features, also. It was ment ...more
But for web app pentesting generally!!!
It might not help a lot
But still suggest reading specially for those who already done with the classic web vulnerabilities and need deeper look at the browser's side
would classify it in the same category off "browser hacker's handbook" , but to be honest there is some nice tricks and notes regarding web technologies in this book and that's why am giving it 3*
The book is not technical .. just list of complains and not so much details about attacks or attacks vectors
If you're looking for the real deal .. check out: WAHH!
It's much more technical and detailed..
I will write full reviewed about it once done
Goodreads is hiring!
Learn more »