404 Tech Support

Book Review: Tangled Web – A Guide to Securing Modern Web Applications

Tangled Web by Michal Zalewski is an incredibly detailed book on web technologies and their security. It includes an encyclopedic history of HTTP, HTML and browsers, and of the path that has led us to where we are now. The book is well referenced, with plenty of endnotes to guide you to further reading on each topic. With its focus on securing web applications, the amount of knowledge it conveys is breathtaking. Having this information at your fingertips, together with the book's insights and recommendations, will certainly make for more secure and competent web applications.

The book covers the material almost like a textbook, but it also reflects the author's evident passion for security. Broadly, it covers the following topics:

The Anatomy of the Web section covers information security in a nutshell, the history of the web, the evolution of the threat, the structure of URLs, character encoding, URL schemes, HTTP, request types, response codes, HTML, CSS, scripts, non-HTML document types, and browser plug-ins.

The Browser Security Features section covers content isolation logic, origin inheritance, life outside same-origin rules, other security boundaries, content recognition mechanisms, dealing with rogue scripts, and extrinsic site privileges.

The A Glimpse of Things to Come section explores new and upcoming security features, other browser mechanisms of note, and common web vulnerabilities.

Every chapter concludes with a Security Engineering Cheat Sheet that distills the chapter's material into practical tips and suggestions. Together with the index at the back of the book, this makes it easy to look things up, and it seems likely the book will be referenced frequently.

Tangled Web was a great read. It is very technical, but that is exactly what makes it an authority on the topic of web security. Recalling how the web was created, the industry-stimulating browser wars, and how things are finally converging on standards really shows that security was an afterthought (if that), and that faster computers and abundant bandwidth have opened up the web to the malicious. Hopefully, with figures like the author, Michal Zalewski, in the industry, we are turning things around for the next milestone in the history of the Internet.