Author: Christopher Wells
Publisher: O'Reilly, 2007
Aimed at: Beginners
Pros: Easy to read introduction to web security
Cons: Completely off topic
Reviewed by: Ian Elliot
Even if you treat the book as one on the general topic of web security there can't be many programmers who aren't aware of the standard attack methods. It starts out with a history of the web and HTTP and this part reads like a third hand account. If you were there then you will know the history, much of which isn't relevant to security anyway. Form here we move on to general security and the STRIDE model - spooffing, tampering, redirection, information disclosure, denial of service and elevation of privileges. We have a discussion of SQL injection and buffer overflow attacks and so on, but there is very little code to illustrate the ideas and Ajax seems to be hardly mentioned. I'm not at all sure that the author is a programmer and this is what you really need to deal with the complexities of Ajax security. What we do have is a tutorial on installing Ubuntu and making it secure and just about anything you can think of.
Overall this book is a fairly shallow look at web security that would suit a beginner. As such it has some value. As a book on Ajax security it fails without even trying as there is hardly anything about Ajax in it.