Web Application Security, A Beginner's Guide Paperback – 1 Jan 2012
About the Author
Bryan Sullivan is a senior security researcher at Adobe Systems, where he focuses on web and cloud security issues. He was previously a security program manager on the Microsoft Security Development Lifecycle team and a development manager at HP, where he helped to design HP's vulnerability scanning tools, WebInspect and DevInspect.
Vincent Liu, CISSP, is a managing partner at Stach & Liu. He previously led the Attack & Penetration and Reverse Engineering teams for Honeywell's Global Security group and was an analyst at the National Security Agency. Vincent is a coauthor of Hacking Exposed: Web Applications, Third Edition and Hacking Exposed Wireless, Second Edition.
Most helpful customer reviews on Amazon.com
I teach a basic security class for web application developers, and this is the book I used for the most recent iteration of the class. It was perfect for the class. Technology agnostic, a reasonable length, and easily accessible by people with web app development experience but not necessarily security experience. Unlike most security books, which are often a catalog of "bad things that can happen", Sullivan and Liu's book covers the topic from the direction of teaching fundamental security principles first, and applying those principles to topics such as authentication, authorization, browser security, and database security. It does very little to cover specific technologies. The developer will probably need to use other technology specific references, but reading this book first will give developers the background they need to apply security principles to their own technology.
The writing is excellent. The material is basic enough for the beginner in security, but in-depth enough that I learned quite a bit, even after several years of experience in app security. The authorization chapter, in particular, should be required reading. After reading that chapter, I finally understood concepts that I'd always struggled with.
For me, the book could have had a few more actual coding examples, as sometimes an actual example clarifies the subject matter better than just words, but when combined with internet searches, it gets the job done!
I would recommend the book to all readers who want to obtain a solid, basic understanding of the problems involved in securing web applications.
I enjoyed reading "Web Application Security, A Beginner's Guide" because the concepts of STRIDE were well explained; I also looked into most of the web references, and all the topics in them are developed in a clear way.
After reading this book I can decide what methodology to adopt, which way to follow, and where to get information in detail. I think this book is a very good starting point.
I would give this book 4.5 stars, which rounds to 5. The missing 0.5 star is because this book, with all its broad material, is sometimes not deep and not thorough enough, IMHO. When reading this book, I frequently had to look into Wikipedia to get a clear understanding of the concepts. Some pieces of advice are good rules of thumb, but the author fails to explain why they are so good. I understand that one cannot cover everything in one book for beginners, but I would prefer it if the author were more academic.