The Tangled Web, book review


  • Author: Michal Zalewski
  • Publisher: O’Reilly Media (No Starch Press)
  • Pages: 273

Introduction

I liked the book; it is thorough, on a tough subject. What I missed is a more practical approach to the secure web. Almost all web developers are also intrigued by hackers. In my opinion, hacking itself could make developers understand the holes of the web more easily. I really would have liked some more practical examples of websites and how to break them.

The book is handy for reference (although the internet might be more useful). I expected to learn some fundamentals to cope with security issues in the daily life of web development, and that after reading the book and messing around with some code examples my awareness of possible security flaws would be raised.

Security Awareness

The Tangled Web partially raised my awareness. Since I read the book I am more aware of the possibility of security issues in many layers of the web: plugins, Java applets and other stuff that lives on the internet. Again, what I missed was a more practical approach. For example, the book could start with a simple PHP site implementation. This should be of no concern for the average reader of this book. With the example site created, the book could have shown ways to hack the site. I know this might not be the most ethical methodology, but for me it would be the best way to remember all the information about security issues and how to prevent them.

The Future

Later chapters describe some modern features of the web. Luckily most of these are reasonably robust, for example web sockets and web workers. In this section the book also becomes more practical and more fun to read. I enjoyed the epilogue of the book, where an analogy is made between society and the online society, which hasn’t had any time yet to form human-based ethics regarding piracy and security.

Conclusion

There is a lot to be said about web security, much more than I would have known. I hope I have raised my own awareness regarding security to implement it in my daily job. However, I will have a hard time selling the extra time in advance to clients.

I must compliment the author for writing this reference book about security issues on the internet. It is easy to see that a lot of research has gone into this book. Bottom line: this isn’t a fun development book, but it will certainly improve your quality as a developer.
