This book is an entertaining read, that shows how to change your mindset from website construction to website destruction so as to avoid writing dangerous code.
This concise and practical book will show where code vulnerabilities lie and how best to fix them. Its value is in showing where code may be exploited to gain access to--or break --systems, but without delving into specific architectures, programming or scripting languages or applications. It provides illustrations with real code.
Innocent Code is an entertaining read showing how to change your mindset from website construction to website destruction so as to avoid writing dangerous code. Abundant examples from susceptible sites will bring the material alive and help you to guard against:
- SQL Injection, shell command injection and other attacks based on mishandling meta-characters
- bad input
- cross-site scripting
- attackers who trick users into performing actions
- leakage of server-side secrets
- hidden enemies such as project deadlines, salesmen, messy code and tight budgets
All web programmers need to take precautions against producing websites vulnerable to malicious attack. This is the book which tells you how without trying to turn you into a security specialist.
About the Author
Sverre Huseby runs his own company selling courses and consultancy services in Web application security. He's an active participant on webappsec mail forum.