Preview - The Tangled Web: A Guide to Securing Modern Web Applications


Posted on by Ben Rothke

Behind nearly every security vulnerability, is a poorly written piece of software.  The way to fix that is to write better code.

As a start, groups like OWASP are trying to make the world a better place via getting developers more focused on improving the security of application software. The group’s mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. 

I just got a copy of The Tangled Web: A Guide to Securing Modern Web Applications, in which author Michal Zalewski notes that modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together.  

In the book he explains how browsers work and what makes them insecure. The book shows what needs to be done to fill in the gaps in order to create secure web applications. 

Zalewski is the author of Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, a fascinating text on how vulnerable networks are.  The book came out 7 years ago.  If it is any indication of the quality of The Tangled Web: A Guide to Securing Modern Web Applications, then it was definitely worth the wait. 

This looks to be a fascinating and important book. 

 

 

Full review to follow.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

data security

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community