Innocent Code: A Security Wake-Up Call for Web Programmers Review
This book is similar in many respects to Web Hacking: Attacks and Defense (ISBN 0201761769). While that book was aimed at security professionals who needed to understand the exposures and vulnerabilities in web systems that were commonly exploited by the bad guys and gals, this book is aimed more at developers.
Like the former book, this one systematically covers exposures and vulnerabilities, and provides remedies at the code level. What sets this book apart is that every component of a modern web site, from web server to backend database, is covered, problem areas from a developer's perspective are highlighted, and solutions for resolving the problem areas are given. I like this book because developers, from casual hobbyists to professionals, will easily grasp the information. More importantly, the material is not insultingly simple to experienced developers, nor is it over the head of less experienced ones.
Another reason I like this book is that, because it systematically uncovers exposures, the QA team can also use it as a sourcebook for developing a baseline set of test cases that will catch security-related problems during acceptance, functional qualification, or regression test cycles.
In my opinion, not only should web developers (including DBAs) and QA professionals read this book, but it should also be adopted by development organizations and projects as a part of coding standards.
Innocent Code: A Security Wake-Up Call for Web Programmers Overview
This concise and practical book shows where code vulnerabilities lie (without delving into the specifics of each system architecture, programming or scripting language, or application) and how best to fix them
Based on real-world situations taken from the author's experiences of tracking coding mistakes at major financial institutions
Covers SQL injection attacks, cross-site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code
Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code