CDN$ 75.58
  • List Price: CDN$ 76.80
  • You Save: CDN$ 1.22 (2%)
Only 1 left in stock (more on the way).
Ships from and sold by Gift-wrap available.
Developer's Guide to Web ... has been added to your Cart
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Developer's Guide to Web Application Security Paperback – Feb 1 2007

See all 2 formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 75.58
CDN$ 30.59 CDN$ 30.56

Save an Additional 10% on Textbooks When you Join Amazon Student

Special Offers and Product Promotions

  • Amazon Student members save an additional 10% on Textbooks with promo code TEXTBOOK10. Enter code TEXTBOOK10 at checkout. Here's how (restrictions apply)

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your e-mail address or mobile phone number.

Product Details

  • Paperback: 500 pages
  • Publisher: Syngress; 1 edition (Feb. 1 2007)
  • Language: English
  • ISBN-10: 159749061X
  • ISBN-13: 978-1597490610
  • Product Dimensions: 18 x 3.5 x 22.6 cm
  • Shipping Weight: 635 g
  • Average Customer Review: Be the first to review this item
  • Amazon Bestsellers Rank: #2,456,266 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Product Description

About the Author

Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet Specialist/Computer Forensic Analyst with the Niagara Regional Police Service (NRPS). He performs computer forensic examinations on computers involved in criminal investigation. He also has consulted and assisted in cases dealing with computer-related/Internet crimes. In addition to designing and maintaining the NRPS Web site at and the NRPS intranet, he has provided support in the areas of programming, hardware, and network administration. As part of an information technology team that provides support to a user base of more than 800 civilian and uniform users, he has a theory that when the users carry guns, you tend to be more motivated in solving their problems.

Michael also owns KnightWare (, which provides computer-related services such as Web page design, and Bookworms (, where you can purchase collectibles and other interesting items online. He has been a freelance writer for several years, and he has been published more than three dozen times in numerous books and anthologies. He currently resides in St. Catharines, Ontario, Canada, with his lovely wife, Jennifer, his darling daughter, Sara, and charming son, Jason.

Inside This Book

(Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on (beta) HASH(0xb48bf9a8) out of 5 stars 4 reviews
5 of 6 people found the following review helpful
HASH(0xb48e8e4c) out of 5 stars Just not quite the book it promises to be June 3 2008
By Jay P. Vansanten - Published on
Format: Paperback Verified Purchase
More recent books on web application security are welcomed. The publication date of 2006 suggests it might fall into that category.

The focus on the programmer is also welcomed. Many security books deal with threats, but the actual practice of programming to ameliorate those threats may not be readily apparent. One would like support for a programmer "security mindset" and specific strategies to implement that.

The book is addressed to programmers and written in a fashion that is engaging. And, as a more general work to highlight the importance of security at the development stage, it's OK.

But, there's just not much depth here for it's intended topic. And, the content appears to reflect lectures presented in the 90s. There's some significant reference to C, which is not typically used in contemporary web programming. The focus tends towards the *nix world, but again a fair amount of emphasis, as I recall, on cgi, where again, PHP is more commonly used today. References in the Microsoft world are exclusively to ASP -- a technology which was superseded in 2002 by ASP.NET.

There's some appropriate programming advice here. But, it's soft rather than hard, and diffuse and general rather than focused and specific.

I would rate it 3 stars for that content if it were more appropriately titled.
2 of 3 people found the following review helpful
HASH(0xb48ec0b4) out of 5 stars Good read for the security conscious March 16 2007
By Jason - Published on
Format: Paperback
When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both.

Each of the chapters in this book seem to follow a pattern of first defining the topic, second giving real world examples, and finally providing the reader with solutions. The book begins by providing a history of the hacking methodology and defining the various types of hacking. It was interesting to learn about some of the various hacks and hackers. For example, I had no idea Steve Jobs (Apple Computers) used to be a hacker.

In chapter two the author discusses what he calls a "Code Grinder", and how to not become or produce a code grinder. A code grinder is someone who works in a highly regulated environment where creativity is discouraged. I found it interesting that a code grinder environment typically produces more unsecure code then an environment that is open and promotes creativity.

Chapter three discusses the risks associated with mobile code. Chapter four covers vulnerable CGI scripts and introduces the reader to some tools such as Nikto and Web Hack Control Center to scan your website to find vulnerabilities. The author goes on to discuss the issues faced by the various CGI scripting languages, and then provides an outline of rules to writing secure CGI scripts.

Chapter five covers hacking techniques and tools. This section gets you into the mind of a hacker, what are their goals, how are those goals achieved and what tools do they use. In chapter six the topic is "Code Auditing and Reverse Engineering." This chapter I found exceptionally interesting and helpful. The author takes you through various types of vulnerabilities and with each weakness explains how it affects each of the more popular programming/scripting languages. And to take it a step further the author also provides the reader with the functions/methods for each programming/scripting language that are vulnerable to attack and then explains either how to use those functions securely or gives an alternative function/method that is more secure.

Chapters seven through ten cover securing code in specific languages; Java, XML, ActiveX, and ColdFusion. Chapter eleven discusses developing security enabled applications using such technologies as PGP, SSL, and PKI. Finally in chapter twelve the author wraps up the book by taking the reader through creating and working with a security plan.



I found this book to be interesting and a good read. I plan to make use of some of the tools it introduced in hardening applications I work with and develop. And as I mentioned before, the chapter on code auditing will be extremely useful to me in cleaning up existing apps and developing new ones. I liked this book and I would recommend it to anyone who is writing code.
1 of 1 people found the following review helpful
HASH(0xb48ec2f4) out of 5 stars Very good book of knowledge. Sept. 23 2012
By Learning Man of Knowledge - Published on
Format: Paperback Verified Purchase
This book shows you how to do many things. It walks you step by step to create many links for your own Security. For myself, the knowledge that shows you "How to create" is the best part of this book I like for the Security of my computer.
1 of 3 people found the following review helpful
HASH(0xb48ec498) out of 5 stars Great Overview of a complex subject! Feb. 20 2007
By Richard Callaby - Published on
Format: Paperback
With the increasing number of incidents of crime that is occurring on the world wide web it behooves every programmer to become fluent in all aspects of information security. This book provides a great overview of the various methods a hacker uses to penetrate various forms of web architectures. The author's goals it seems was to cover a broad subject by touching on all important aspects of securing a website.

Throughout the book a hacker mindset is presented and how to design your website to overcome the tools and tricks of the hacker. For instance in many of the chapters the manner of attack that a hacker would use to exploit a piece of technology is covered. Overall I believe this book to be a good introduction to the field of securing websites. Since security in of itself is such a broad subject and the Internet is also a broad subject it is unfair to expect one book to cover all aspects of a complex and dynamic environment