Start reading Innocent Code: A Security Wake-Up Call for Web Programmers on your Kindle in under a minute. Don't have a Kindle? Get your Kindle here.

Deliver to your Kindle or other device

 
 
 

Try it free

Sample the beginning of this book for free

Deliver to your Kindle or other device

Read books on your computer or other mobile devices with our FREE Kindle Reading Apps.
Innocent Code: A Security Wake-Up Call for Web Programmers
 
 
Share your own customer images

Innocent Code: A Security Wake-Up Call for Web Programmers [Kindle Edition]

Sverre H. Huseby (Author)
Digital List Price: £22.39 What's this?
Print List Price: £24.99
Kindle Price: £17.91 includes VAT* & free wireless delivery via Amazon Whispernet
You Save: £7.08 (28%)
Unlike print books, digital books are subject to VAT.

Formats

 Amazon Price New from Used from
Kindle Edition £17.91   -- --
Paperback £21.24   -- --

Product Description

Review

the security book that all web developers need to read sound advice ignore at peril (Tech Book Report, January 2004)

" achieves its aims admirably " (PC Utilities, April 2004)

should be required reading for web developers (about.com, March 2004)

if you are a web techie you will love this book, I did (Infosecurity Today, July 04)

Review

“…the security book that all web developers need to read…sound advice…ignore at peril…” (Tech Book Report, January 2004)

"…achieves its aims admirably…" (PC Utilities, April 2004)

“…should be required reading for web developers…” (about.com, March 2004)

“…if you are a web techie you will love this book, I did…” (Infosecurity Today, July 04)

See all Product Description

Product details

  • Format: Kindle Edition
  • File Size: 2351 KB
  • Print Length: 248 pages
  • Page Numbers Source ISBN: 0470857447
  • Publisher: John Wiley & Sons, Inc.; 1 edition (12 Mar 2004)
  • Sold by: Amazon Media EU S.à r.l.
  • Language English
  • ASIN: B000PY4I0E
  • Text-to-Speech: Enabled
  • Amazon Bestsellers Rank: #372,753 Paid in Kindle Store (See Top 100 Paid in Kindle Store)

    •  Would you like to give feedback on images?

More About the Author

Sverre H. Huseby
Discover books, learn about writers, and more.

Visit Amazon's Sverre H. Huseby Page

Tag this product

 (What's this?)
Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organise and find favourite items.
Your tags: Add your first tag
 
See most popular tags

Customer Reviews

There are no customer reviews yet on Amazon.co.uk.
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:  5 reviews
18 of 18 people found the following review helpful
Focused info for developers more than security pros 17 Mar 2004
By Mike Tarrani - Published on Amazon.com
Format:Paperback
This book is similar in many respects to Web Hacking: Attacks and Defense (ISBN 0201761769). While that book was aimed at security professionals who needed to understand the exposures and vulnerabilities in web systems that were commonly exploited by the bad guys and gals, this book is aimed more at developers.

Like for former book, this one systematically covers exposures and vulnerabilities, and provides remedies at the code level. What sets this book apart is every component of a modern web site, from web server to backend database is covered, problem areas from a developer's perspective are highlighted, and solutions for resolving the problem areas given. I like this book because developers, from casual hobbyists to professionals, will easily grasp the information. More importantly, the material is not insultingly simple to experienced developers, nor is it over the head of less experienced ones.

Another reason I like this book is in systematically uncovering exposures the QA team can also use this book as a sourcebook for developing a baseline set of test cases that will catch security-related problems during acceptance, functional qualification, or regression test cycles.

In my opinion not only should web developers (including DBAs) and QA professionals read this book, but it should also be adopted by development organizations and projects as a part of coding standards.

4 of 4 people found the following review helpful
a longer discussion of Trojans would have been nice 14 Sep 2005
By W Boudville - Published on Amazon.com
Format:Paperback
Huseby walks through many instances of flawed web code. Client side and server side. All of these have been covered before in other forums and books, but he offers a clear exposition of the dangers.

Take SQL injection. If you do not have your web server filter the user's input in a web page submitted by her browser, and you blithely pass her string to your SQL engine, you are asking for grief. You're begging for a cracker to stuff a SQL command script to sabotage or exacavate your database. Thus too for shell command injection, where your server might inadvertantly execute that as a shell command. Remember to filter user input!

Cross site scripting and Trojans are also explained. Unfortunately, while the Trojan discussion is understandable, it is far too short.

There is no discussion of antiphishing methods. Though in the Trojan chapter, an example fake email would qualify as phishing. Perhaps the author saw no technical solution for phishing. And this book is about technical solutions.
6 of 7 people found the following review helpful
Highly recommended 6 Aug 2004
By Stephan Meyn - Published on Amazon.com
Format:Paperback
Security is a serious issue and education of the developer about writing secure code is extremely important. There are a lot of books out there that write either about how to configure your servers or about the various security technologies (cryptography, WSE etc) - this is not unimportant but it is incomplete because it ignores weaknesses introduced through coding practices.

The author manages a tight and very readable book that is addressed at the software developer. It can be read in about a day or afternoon (if you happen to be stranded at an airport lounge). I will be suggesting it to be one of our standard literature titles on the development floor.

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   

Look for similar items by category

Look for similar items by subject

























i.e., each title must be in subject 1 AND subject 2 AND ...

Amazon Media EU S.à r.l. GB Privacy Statement Amazon Media EU S.à r.l. GB Delivery Information Amazon Media EU S.à r.l. GB Returns & Exchanges