7 works 394 members 6 reviews

About the author

Includes the names: Michał Zalewski

Works by Michał Zalewski

Common Knowledge

Canonical name
Zalewski, Michał
Gender
male

Reviews

The Tangled Web: A Guide to Securing Modern Web Applications is a fairly solid introduction to computer security in the context of web sites/browsers with one fairly major downside: it was published 7 years ago. In the context of the Internet, that's... quite a while.

When this book was published, IE had a 40% market share, followed by Firefox with 30%, and Chrome with only 20%. Given that more recent numbers show Chrome with 70%, FF with 10%, and IE and Edge together only at 10%... the Internet has changed. Since it was published, Flash is the next best thing to dead. HSTS and CORS are everywhere now (mentioned as future technologies in the book). Some issues just ... aren't any more, while a whole new kettle of worms is about.

That being said, it's actually a pretty decent introductory book. Some things never change. The internet is still driven by URLs and cookies, and even the introduction of HTTP/2 and HTTP/3 now doesn't change things that much. For the most part HTML is still HTML (although HTML4/XHTML issues are less relevant than they used to be). Even with CORS, SOP is still an issue, as are content types.

So really... you could do worse if you're interested in learning a bit about computer security. Especially if you picked this book up as part of a Humble Bundle. :)
 
jpv0 | 3 other reviews | Jul 21, 2021 |

Even accounting for the fact that this came out a while ago and the web is a fast-moving target, this is not a good book.

I have a background in developing web applications on both the server and the front end, so I feel like I ought to be able to get something out of this. But the book has a pattern of going on for a long time into internet basics that I'm already familiar with, then suddenly dives into particular vulnerabilities that are so poorly explained that I can't tell whether they're happening on the server or the browser, why they're a problem, or what someone might do about them.

I put this book down at 17% when it asserted that get and post are basically interchangeable; if it's making that kind of oversimplification of things I know, I don't trust it to tell me about anything else.
 
haloedrain | 3 other reviews | Aug 3, 2019 |

Solid description of the ways in which the internet can be unsafe (and wasn't designed for safety) -- it covers all the topics you would expect, as well as all the background knowledge necessary to make sense of them, in a non-dry and non-academic tone. It also gets a bit bogged down with the sheer amount of stuff to cover, and having more solid background in this than the average Joe, I couldn't keep pushing myself through material I am already familiar with. My deciding not to finish it (after 18 months of being partway through) is not a slight on the book, which is an excellent around-the-board introduction to cybersecurity and its challenges.
 
pammab | 1 other review | Jan 12, 2019 |

In terms of 'depressing books' this is right up there with Wiesel's 'Night'
 
porges | 3 other reviews | Dec 29, 2016 |

Statistics

Works
7
Members
394
Popularity
#61,534
Rating
3.9
Reviews
6
ISBNs
16
Languages
4
