Innocent Code: A Security Wake-Up Call for Web Programmers

by Sverre H. Huseby

This concise and practical book shows where code vulnerabilities lie-without delving into the specifics of each system architecture, programming or scripting language, or application-and how best to fix them Based on real-world situations taken from the author's experiences of tracking coding mistakes at major financial institutions Covers SQL injection attacks, cross-site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code

Genres: Technology, Programming, Business

248 pages, Paperback

First published March 12, 2004

Reviews

[Jesse Houwing · Rating 3 out of 5]

While all of the principles still apply, the book is starting to show its age. Samples in 'old' languages and providing examples, which, when ported to modern technology would now also be considered weak.

[Rasmus · Rating 3 out of 5]

Great book for junior developers looking for an introduction to web security. A bit too basic for the more experienced developers. You should not be allowed to write a public web application without the knowledge in this book.

[Looben · Rating 5 out of 5]

A awesome book that can let you know what to consider on the source code level about security when developing web applications. Full of real cases and insightful analysis.

[Tomáš · Rating 4 out of 5]

Pretty good web programing security eye opener - just what this book says