For the past couple of months I’ve been reading The Tangled Web: A Guide to Securing Modern Web Applications by Michael Zalewski. The book was published by No Starch Press, who were kind enough to provide me with a copy for review. I enjoy reading about topics outside my main field and interests; it’s a way to keep myself informed and learn new things, and this book fits exactly into this category.
The Tangled Web is mostly about web technologies and how insecure they are by nature. The book is a very engaging narrative, full of details and impressive war stories. It focuses on the practical issues of web technologies rather than on the theory of security. The book can be very useful for web developers and for those interested in security. For example, at the end of each chapter we find a “Security Engineering Cheat Sheet”, which presents a summary of things to consider or do. These sheets alone make the book worth having. The book is organized in three main parts. In the first one, the author tells the story of the web from its inception until today and discusses all the important technologies, protocols, etc. The second part focuses on browser security and the third part on “the things to come”. Although the book is not very thick (around 300 pages), it addresses too many important issues to absorb completely in a single reading.
To conclude, The Tangled Web is a solid book, full of interesting and useful information. For web developers and security experts it should be a must-read. For the rest of us it is an enjoyable read.