• List Price: CDN$ 71.25
  • You Save: CDN$ 29.09 (41%)
Only 1 left in stock (more on the way).
Ships from and sold by Amazon.ca. Gift-wrap available.
Developer's Guide to Web ... has been added to your Cart
+ CDN$ 6.49 shipping
Used: Good | Details
Condition: Used: Good
Comment: Shipped from the US -- Expect delivery in 1-2 weeks. Former Library book. Shows some signs of wear, and may have some markings on the inside. 100% Money Back Guarantee. Shipped to over one million happy customers. Your purchase benefits world literacy!
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Developer's Guide to Web Application Security Paperback – Feb 15 2007

See all 2 formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 42.16
CDN$ 28.17 CDN$ 23.04

Harry Potter and the Cursed Child
click to open popover

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Product Details

  • Paperback: 500 pages
  • Publisher: Syngress; 1 edition (Feb. 15 2007)
  • Language: English
  • ISBN-10: 159749061X
  • ISBN-13: 978-1597490610
  • Product Dimensions: 18 x 3.5 x 22.6 cm
  • Shipping Weight: 635 g
  • Average Customer Review: Be the first to review this item
  • Amazon Bestsellers Rank: #2,675,870 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Product Description

About the Author

Michael Cross is a SharePoint Administrator and Developer, and has worked in the areas of software development, Web design, hardware installation/repairs, database administration, graphic design, and network administration. Working for law enforcement, he is part of an Information Technology team that provides support to over 1,000 civilian and uniformed users. His theory is that when the users carry guns, you tend to be more motivated in solving their problems.

Michael has a diverse background in technology. He was the first computer forensic analyst for a local police service, and performed digital forensic examinations on computers involved in criminal investigations. Over five years, he recovered and examined evidence involved in a wide range of crimes, inclusive to homicides, fraud, and possession of child pornography. In addition to this, he successfully tracked numerous individuals electronically, as in cases involving threatening e-mail. He has consulted and assisted in numerous cases dealing with computer-related/Internet crimes and served as an expert witness on computers for criminal trials. In 2007, he was awarded a Police Commendation for work he did in developing a system to track local high-risk offenders and sexual offenders.

With extensive experience in Web design and Internet-related technologies, Michael has created and maintained numerous Web sites and implementations of Microsoft SharePoint. This has included public Web sites, private ones on corporate intranets, and solutions that integrate them. In doing so, he has incorporated and promoted social networking features, created software to publish press releases online, and developed a wide variety of solutions that make it easier to get work done.

Michael has been a freelance writer and technical editor on over four dozen I.T. related books, as well as writing material for other genres. He previously taught as an instructor and has written courseware for IT training courses. He has also made presentations on Internet safety, SharePoint and other topics related to computers and the Internet. Despite his experience as a speaker, he still finds his wife won't listen to him.

Over the years, Michael has acquired a number of certifications from Microsoft, Novell and Comptia, including MCSE, MCP+I, CNA, Network+. When he isn’t writing or otherwise attached to a computer, he spends as much time as possible with the joys of his life: his lovely wife, Jennifer; darling daughter Sara; adorable daughter Emily; and charming son Jason.

For the latest information on him, his projects, and a variety of other topics, you can follow him on Twitter @mybinarydreams, visit his Facebook page at www.facebook.com/mybinarydreams, follow him on LinkedIn at www.linkedin.com/in/mcross1, or read his blog at http://mybinarydreams.wordpress.com.

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: HASH(0x9d805f0c) out of 5 stars 4 reviews
5 of 6 people found the following review helpful
HASH(0x9d86081c) out of 5 stars Just not quite the book it promises to be June 3 2008
By Jay P. Vansanten - Published on Amazon.com
Format: Paperback Verified Purchase
More recent books on web application security are welcomed. The publication date of 2006 suggests it might fall into that category.

The focus on the programmer is also welcomed. Many security books deal with threats, but the actual practice of programming to ameliorate those threats may not be readily apparent. One would like support for a programmer "security mindset" and specific strategies to implement that.

The book is addressed to programmers and written in a fashion that is engaging. And, as a more general work to highlight the importance of security at the development stage, it's OK.

But, there's just not much depth here for it's intended topic. And, the content appears to reflect lectures presented in the 90s. There's some significant reference to C, which is not typically used in contemporary web programming. The focus tends towards the *nix world, but again a fair amount of emphasis, as I recall, on cgi, where again, PHP is more commonly used today. References in the Microsoft world are exclusively to ASP -- a technology which was superseded in 2002 by ASP.NET.

There's some appropriate programming advice here. But, it's soft rather than hard, and diffuse and general rather than focused and specific.

I would rate it 3 stars for that content if it were more appropriately titled.
1 of 1 people found the following review helpful
HASH(0x9d719ae0) out of 5 stars Very good book of knowledge. Sept. 23 2012
By Learning Man of Knowledge - Published on Amazon.com
Format: Paperback Verified Purchase
This book shows you how to do many things. It walks you step by step to create many links for your own Security. For myself, the knowledge that shows you "How to create" is the best part of this book I like for the Security of my computer.
2 of 3 people found the following review helpful
HASH(0x9d7fef84) out of 5 stars Good read for the security conscious March 16 2007
By Amazon Customer - Published on Amazon.com
Format: Paperback
When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both.

Each of the chapters in this book seem to follow a pattern of first defining the topic, second giving real world examples, and finally providing the reader with solutions. The book begins by providing a history of the hacking methodology and defining the various types of hacking. It was interesting to learn about some of the various hacks and hackers. For example, I had no idea Steve Jobs (Apple Computers) used to be a hacker.

In chapter two the author discusses what he calls a "Code Grinder", and how to not become or produce a code grinder. A code grinder is someone who works in a highly regulated environment where creativity is discouraged. I found it interesting that a code grinder environment typically produces more unsecure code then an environment that is open and promotes creativity.

Chapter three discusses the risks associated with mobile code. Chapter four covers vulnerable CGI scripts and introduces the reader to some tools such as Nikto and Web Hack Control Center to scan your website to find vulnerabilities. The author goes on to discuss the issues faced by the various CGI scripting languages, and then provides an outline of rules to writing secure CGI scripts.

Chapter five covers hacking techniques and tools. This section gets you into the mind of a hacker, what are their goals, how are those goals achieved and what tools do they use. In chapter six the topic is "Code Auditing and Reverse Engineering." This chapter I found exceptionally interesting and helpful. The author takes you through various types of vulnerabilities and with each weakness explains how it affects each of the more popular programming/scripting languages. And to take it a step further the author also provides the reader with the functions/methods for each programming/scripting language that are vulnerable to attack and then explains either how to use those functions securely or gives an alternative function/method that is more secure.

Chapters seven through ten cover securing code in specific languages; Java, XML, ActiveX, and ColdFusion. Chapter eleven discusses developing security enabled applications using such technologies as PGP, SSL, and PKI. Finally in chapter twelve the author wraps up the book by taking the reader through creating and working with a security plan.



I found this book to be interesting and a good read. I plan to make use of some of the tools it introduced in hardening applications I work with and develop. And as I mentioned before, the chapter on code auditing will be extremely useful to me in cleaning up existing apps and developing new ones. I liked this book and I would recommend it to anyone who is writing code.
1 of 3 people found the following review helpful
HASH(0x9d8432e8) out of 5 stars Great Overview of a complex subject! Feb. 20 2007
By Richard Callaby - Published on Amazon.com
Format: Paperback
With the increasing number of incidents of crime that is occurring on the world wide web it behooves every programmer to become fluent in all aspects of information security. This book provides a great overview of the various methods a hacker uses to penetrate various forms of web architectures. The author's goals it seems was to cover a broad subject by touching on all important aspects of securing a website.

Throughout the book a hacker mindset is presented and how to design your website to overcome the tools and tricks of the hacker. For instance in many of the chapters the manner of attack that a hacker would use to exploit a piece of technology is covered. Overall I believe this book to be a good introduction to the field of securing websites. Since security in of itself is such a broad subject and the Internet is also a broad subject it is unfair to expect one book to cover all aspects of a complex and dynamic environment