What do you think?
Rate this book
Web Application Security, A Beginner's Guide
“Get to know the hackers―or plan on getting hacked. Sullivan and Liu have created a savvy, essentials-based approach to web app security packed with immediately applicable tools for any information security practitioner sharpening his or her tools or just starting out.” ―Ryan McGeehan, Security Manager, Facebook, Inc. Secure web applications from today's most devious hackers. Web Application A Beginner's Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks. This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry. You'll also get best practices for vulnerability detection and secure development, as well as a chapter that covers essential security fundamentals. This book's templates, checklists, and examples are designed to help you get started right away. Web Application A Beginner's Guide
- GenresProgrammingTechnical
352 pages, Paperback
First published December 2, 2011
21 people are currently reading
146 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 8 of 8 reviews
March 12, 2018
Really nice introduction for common web application security flaws. It explains the concepts not only for seasoned developers but also for beginners. There are also some extra information which is good since it is not easy to find such kind of combined info together.
Each web application developer either working in back-end or front-end should read this book, or at least should check XSS and SQL Injection part.
Only problem is that some examples seems to be a bit old like FxCop is already named as Code Analysis Tool in latest version of Visual Studio.
Each web application developer either working in back-end or front-end should read this book, or at least should check XSS and SQL Injection part.
Only problem is that some examples seems to be a bit old like FxCop is already named as Code Analysis Tool in latest version of Visual Studio.
March 24, 2023
Overall it's a good starting point for anyone new to the topic of web application security. While it may not be the most up-to-date resource available, it still has some valuable information that is worth knowing and remembering.
The best part is actually the saga about wizard and his trees ;)
Fun quote from the book: "We’ve worked with some teams who use agile development methodologies, and whose entire release lifecycle from the planning stage to deployment on the production server is only one week long. It’s tough to convince these kinds of hummingbird quick team."
Nowadays, we deploy daily, which shows how much things have changed since the book was published.
The best part is actually the saga about wizard and his trees ;)
Fun quote from the book: "We’ve worked with some teams who use agile development methodologies, and whose entire release lifecycle from the planning stage to deployment on the production server is only one week long. It’s tough to convince these kinds of hummingbird quick team."
Nowadays, we deploy daily, which shows how much things have changed since the book was published.
December 3, 2019
It is a really good book to give you a comprehensive understanding of what types of security considerations should be taken into account for web applications.
Very good explanation of vulnerabilities, what causes them and how to defend against them.
It presents some good tools, which may be out dated, but still gives some clues.
I can 100% suggest this book to absolutely beginners.
Very good explanation of vulnerabilities, what causes them and how to defend against them.
It presents some good tools, which may be out dated, but still gives some clues.
I can 100% suggest this book to absolutely beginners.
March 16, 2016
This is, in my opinion, the best book to get started into web application security both as a developer and as an attacker.
Although, the book speaks from a defender's perspective and focuses on how to improve your web application rather than hacking it, it can, however, also help you in your web application hacking journey.
The write up is absolutely brilliant with the best analogies to get you the core concept. If you're a beginner looking for a conceptual book then this is the ultimate book for you!
Although, the book speaks from a defender's perspective and focuses on how to improve your web application rather than hacking it, it can, however, also help you in your web application hacking journey.
The write up is absolutely brilliant with the best analogies to get you the core concept. If you're a beginner looking for a conceptual book then this is the ultimate book for you!
June 4, 2016
Wonderful presentation to explain XSS and SQL injection. This book has tips even for seasoned web developers. Must read for all professionals building public facing websites.
November 5, 2016
Good presentation about security issues involved with web application security approaching to teach "how to think like a defender" instead of "thinking like a "redhat".
January 25, 2017
This is a good intruduction to the subject. Well worth a read
April 8, 2017
Security is not the thing that you can do it right at the first time. If you get enough time and experience in software development field, then it's time for stepping into security aspect. Just as this name, this book provides concepts and fundamentals of web application security with good examples through each chapter.
Displaying 1 - 8 of 8 reviews