Å·±¦ÓéÀÖ

This was the first book I've read about web security, recommended by a fellow who lectured on the subject at our company. It wasn't organized exactly how I expected, but I think that was a good thing. I was expecting the book to list the vulnerabilities outlined in OWASP one by one, explaining what they are and how to prevent them. However, those were not discussed until at the very end of the book. Instead, the bulk of the book was really about understanding every little piece of the puzzle that makes the web, the browsers and the servers communicate and work. It started from HTTP mechanics, onto HTML quirks, CSS, Javascript... all these little pieces were covered.

The aim of the book, as I see it, was to make the reader first understand how the web works. In each chapter security issues were discussed basically related to the topics discussed in that chapter, while linking it, from time to time, to the big picture, which is, basically, the OWASP list of vulnerabilities.

So, while the book was not organized the way I expected, I really ended up liking the way it is now. I now know a lot more about each component of the web, which helps me understand the security issues better. This book is also remarkable in the sense that it doesn't waste time on irrelevant issues: I felt that every page and every chapter contained information that is useful. The writing style was very consistent and to the point.

Highly recommended.