Innocent Code: A Security Wake-up Call for Web Programmers
 
 
Sverre H. Huseby

Product Description

Review

"…the security book that all web developers need to read…sound advice…ignore at peril…" (Tech Book Report, January 2004)

"…achieves its aims admirably…" (PC Utilities, April 2004)

"…should be required reading for web developers…" (about.com, March 2004)

"…if you are a web techie you will love this book, I did…" (Infosecurity Today, July 04)

First Sentence: The first line of the response is known as the Status-Line.

Customer Reviews

Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.6 out of 5 stars (5 customer reviews)

18 of 18 people found the following review helpful:
5.0 out of 5 stars Focused info for developers more than security pros, 17 Mar 2004
By Mike Tarrani "www.tarrani.com" - Published on Amazon.com
This review is from: Innocent Code: A Security Wake-up Call for Web Programmers (Paperback)
This book is similar in many respects to Web Hacking: Attacks and Defense (ISBN 0201761769). While that book was aimed at security professionals who needed to understand the exposures and vulnerabilities in web systems that were commonly exploited by the bad guys and gals, this book is aimed more at developers.

Like the former book, this one systematically covers exposures and vulnerabilities, and provides remedies at the code level. What sets this book apart is every component of a modern web site, from web server to backend database, is covered, problem areas from a developer's perspective are highlighted, and solutions for resolving the problem areas given. I like this book because developers, from casual hobbyists to professionals, will easily grasp the information. More importantly, the material is not insultingly simple to experienced developers, nor is it over the head of less experienced ones.

Another reason I like this book is in systematically uncovering exposures the QA team can also use this book as a sourcebook for developing a baseline set of test cases that will catch security-related problems during acceptance, functional qualification, or regression test cycles.

In my opinion not only should web developers (including DBAs) and QA professionals read this book, but it should also be adopted by development organizations and projects as a part of coding standards.


4 of 4 people found the following review helpful:
4.0 out of 5 stars a longer discussion of Trojans would have been nice, 14 Sep 2005
By W Boudville - Published on Amazon.com
This review is from: Innocent Code: A Security Wake-up Call for Web Programmers (Paperback)
Huseby walks through many instances of flawed web code. Client side and server side. All of these have been covered before in other forums and books, but he offers a clear exposition of the dangers.

Take SQL injection. If you do not have your web server filter the user's input in a web page submitted by her browser, and you blithely pass her string to your SQL engine, you are asking for grief. You're begging for a cracker to stuff a SQL command script to sabotage or excavate your database. Thus too for shell command injection, where your server might inadvertently execute that as a shell command. Remember to filter user input!

Cross site scripting and Trojans are also explained. Unfortunately, while the Trojan discussion is understandable, it is far too short.

There is no discussion of antiphishing methods. Though in the Trojan chapter, an example fake email would qualify as phishing. Perhaps the author saw no technical solution for phishing. And this book is about technical solutions.

6 of 7 people found the following review helpful:
5.0 out of 5 stars Highly recommended, 6 Aug 2004
By Stephan Meyn "Stephan Meyn" - Published on Amazon.com
This review is from: Innocent Code: A Security Wake-up Call for Web Programmers (Paperback)
Security is a serious issue and education of the developer about writing secure code is extremely important. There are a lot of books out there that write either about how to configure your servers or about the various security technologies (cryptography, WSE etc) - this is not unimportant but it is incomplete because it ignores weaknesses introduced through coding practices.
The author manages a tight and very readable book that is addressed at the software developer. It can be read in about a day or afternoon (if you happen to be stranded at an airport lounge). I will be suggesting it to be one of our standard literature titles on the development floor.