
Book Review: Tangled Web – A Guide to Securing Modern Web Applications

January 26, 2012

Tangled Web by Michal Zalewski is an incredibly detailed book on the topic of web technologies. It includes an encyclopedic history of HTTP, HTML, browsers, and the path that has led us to where we are now. The book is well referenced, with plenty of endnotes to guide you to further reading on the topics. With a focus on security in web applications, the amount of knowledge conveyed in the book is breathtaking. If you have this information at your fingertips, the insights and recommendations will certainly make for more secure and competent web applications.

The book covers the material almost like a textbook but also reflects the passion for security the author must have. In the broad sense, the book covers these topics:

  • Anatomy of the Web
  • Browser Security Features
  • A Glimpse of Things to Come

The anatomy of the web section covers information security in a nutshell, history of the web, the evolution of a threat, structure of URLs, character encoding, URL schemes, HTTP, request types, response codes, HTML, CSS, scripts, non-HTML document types, and browser plug-ins.

The browser security features section covers content isolation logic, origin inheritance, life outside same-origin rules, other security boundaries, content recognition mechanisms, dealing with rogue scripts, and extrinsic site privileges.

A glimpse of things to come explores new and upcoming security features, other browser mechanisms of note, and common web vulnerabilities.

Every chapter concludes with a Security Engineering Cheat Sheet, which offers practical tips and suggestions related to the chapter’s topic. With an index at the back as well, the book seems likely to be frequently used and easily referenced.

Tangled Web was a great read. It was very technical, but that allowed it to be a great authority on the topic of security. Recalling how the web was created, the industry-stimulating browser wars, and how things are finally reaching standards really shows that security was only a second thought (if that), and that modern developments of faster computers and sufficient bandwidth have opened up the web to the malicious. Hopefully, with figures like the author, Michal Zalewski, in the industry, we are turning things around for the next milestone in the history of the Internet.

