on April 17, 2006
The book is very slim and so is the content. While it remains a good book, it's not aimed to everyone. It covers the basics of web application security, mostly applied to PHP. The content of the book is the information any serious web application programmer should be aware of. The frequent attacks are presented and it gives an overall feel of the potential risks.
The examples are way too simplistic and the book mostly repeat "filter input, escape output". It does place the focus on where input should be filtered and where the output should be escaped, but the examples are so slim that they can hardly be considered as real security flaws. Explanations on how to find flaws in larger code bases would have been a useful addition.
The book is not bad, but it's only an introduction to the topic.
on February 22, 2013
The author is talking to himself and other geeks who spend their lives in their pajamas writing code. For those of us in the real world with lives, this is not the book. He doesn't explain anything, just blathers on as if you already know what he's talking about. I wish the publisher had offered a disclaimer saying Don't Buy This Book If You Think You Need To Learn Something. Then I wouldn't have wasted my money.