Innocent Code: A Security Wake-Up Call for Web Programmers Paperback – Jan 30 2004

5.0 out of 5 stars 1 customer review


Product Details

  • Paperback: 248 pages
  • Publisher: Wiley; 1 edition (Jan. 30 2004)
  • Language: English
  • ISBN-10: 0470857447
  • ISBN-13: 978-0470857441
  • Product Dimensions: 18.9 x 1.1 x 23.6 cm
  • Shipping Weight: 458 g
  • Average Customer Review: 5.0 out of 5 stars 1 customer review
  • Amazon Bestsellers Rank: #2,312,787 in Books (See Top 100 in Books)

Product Description

Review

"…the security book that all web developers need to read…sound advice…ignore at peril…" (Tech Book Report, January 2004)

"…achieves its aims admirably…" (PC Utilities, April 2004)

"…should be required reading for web developers…" (about.com, March 2004)

"…if you are a web techie you will love this book, I did…" (Infosecurity Today, July 04)

From the Back Cover

This book is much more than a wake-up call. It is also an eye-opener. Even for those who are already awake to the problems of Web server security, it is a serious guide for what to do and what not to do, with many well-chosen examples. The set of fundamental rules is highly relevant.

Peter G. Neumann, author of Computer-Related Risks, and moderator of the Internet Risks Forum (risks.org).

This concise and practical book will show where code vulnerabilities lie and how best to fix them. Its value is in showing where code may be exploited to gain access to - or break - systems, but without delving into specific architectures, programming or scripting languages or applications. It provides illustrations with real code.

Innocent Code is an entertaining read showing how to change your mindset from website construction to website destruction so as to avoid writing dangerous code. Abundant examples from susceptible sites will bring the material alive and help you to guard against:

  • SQL injection, shell command injection and other attacks based on mishandling meta-characters
  • bad input
  • cross-site scripting
  • attackers who trick users into performing actions
  • leakage of server-side secrets
  • hidden enemies such as project deadlines, salesmen, messy code and tight budgets

All web programmers need to take precautions against producing websites vulnerable to malicious attack. This is the book which tells you how without trying to turn you into a security specialist.


Customer Reviews



Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 5 reviews
18 of 18 people found the following review helpful
Focused info for developers more than security pros (March 17 2004)
By Mike Tarrani - Published on Amazon.com
Format: Paperback
This book is similar in many respects to Web Hacking: Attacks and Defense (ISBN 0201761769). While that book was aimed at security professionals who needed to understand the exposures and vulnerabilities in web systems that were commonly exploited by the bad guys and gals, this book is aimed more at developers.
Like the former book, this one systematically covers exposures and vulnerabilities, and provides remedies at the code level. What sets this book apart is that every component of a modern web site, from web server to backend database, is covered, problem areas from a developer's perspective are highlighted, and solutions for resolving the problem areas are given. I like this book because developers, from casual hobbyists to professionals, will easily grasp the information. More importantly, the material is not insultingly simple to experienced developers, nor is it over the head of less experienced ones.
Another reason I like this book is that, by systematically uncovering exposures, it lets the QA team also use it as a sourcebook for developing a baseline set of test cases that will catch security-related problems during acceptance, functional qualification, or regression test cycles.
In my opinion not only should web developers (including DBAs) and QA professionals read this book, but it should also be adopted by development organizations and projects as a part of coding standards.
4 of 4 people found the following review helpful
A longer discussion of Trojans would have been nice (Sept. 13 2005)
By W Boudville - Published on Amazon.com
Format: Paperback
Huseby walks through many instances of flawed web code. Client side and server side. All of these have been covered before in other forums and books, but he offers a clear exposition of the dangers.

Take SQL injection. If you do not have your web server filter the user's input in a web page submitted by her browser, and you blithely pass her string to your SQL engine, you are asking for grief. You're begging for a cracker to stuff in a SQL command script to sabotage or excavate your database. Thus too for shell command injection, where your server might inadvertently execute that as a shell command. Remember to filter user input!

Cross site scripting and Trojans are also explained. Unfortunately, while the Trojan discussion is understandable, it is far too short.

There is no discussion of antiphishing methods. Though in the Trojan chapter, an example fake email would qualify as phishing. Perhaps the author saw no technical solution for phishing. And this book is about technical solutions.
6 of 7 people found the following review helpful
Highly recommended (Aug. 6 2004)
By Stephan Meyn - Published on Amazon.com
Format: Paperback
Security is a serious issue and education of the developer about writing secure code is extremely important. There are a lot of books out there that write either about how to configure your servers or about the various security technologies (cryptography, WSE etc) - this is not unimportant but it is incomplete because it ignores weaknesses introduced through coding practices.

The author manages a tight and very readable book that is addressed at the software developer. It can be read in about a day or afternoon (if you happen to be stranded at an airport lounge). I will be suggesting it to be one of our standard literature titles on the development floor.
Great, informative book! (Aug. 26 2009)
By J. Shiflett - Published on Amazon.com
Format: Paperback
This was a very informative book. It was straight to the point with no bull. Very helpful.
1 of 8 people found the following review helpful
A great tool. (Nov. 30 2004)
By Roy D. Woods - Published on Amazon.com
Format: Paperback
Aside from the publication errors (2 chapter 2's and part of chapter 1 at the end of chapter 2 - arg), the book is full of great examples and useful information for developers and IT security auditors. If nothing else it helps to provide simple examples of possible exploits. (And given the publication errors, my copy is a collector's item...) Cheers!!!

