Mikko Kärkkäinen's Reviews > The Tangled Web: A Guide to Securing Modern Web Applications

The Tangled Web by Michal Zalewski

it was amazing

This was the first book I've read about web security, recommended by a fellow who lectured on the subject at our company. It wasn't organized exactly how I expected, but I think that was a good thing. I was expecting the book to list the vulnerabilities outlined in OWASP one by one, explaining what they are and how to prevent them. However, those were not discussed until the very end of the book. Instead, the bulk of the book was really about understanding every little piece of the puzzle that makes the web, the browsers and the servers communicate and work. It started from HTTP mechanics, onto HTML quirks, CSS, JavaScript... all these little pieces were covered.

The aim of the book, as I see it, was to make the reader first understand how the web works. In each chapter security issues were discussed basically related to the topics discussed in that chapter, while linking it, from time to time, to the big picture, which is, basically, the OWASP list of vulnerabilities.

So, while the book was not organized the way I expected, I really ended up liking the way it is now. I now know a lot more about each component of the web, which helps me understand the security issues better. This book is also remarkable in the sense that it doesn't waste time on irrelevant issues: I felt that every page and every chapter contained information that is useful. The writing style was very consistent and to the point.

Highly recommended.

Reading Progress

October 23, 2013 – Shelved
October 23, 2013 – Shelved as: to-read
September 27, 2014 – Started Reading
December 15, 2014 – Finished Reading
