Genres: Programming
Year of publication: 2005
Year of reading: 2020
Good
Number of reads: 1
Total pages: 427
Summary (pages): 0
Original language of publication: Russian
Translations to other languages: No translations to other languages found
I often review books in the form of a brief summary of their content. This time, I’ll try a slightly different format: I’ll describe the book’s features, pros, and cons in detail (from my point of view) right away, without retelling the content.
Features
- The book leans heavily on PHP for the backend (most examples are in this language) and JS for the frontend.
- The book is more suitable for beginners in the field of security (junior to mid-level).
- As you may have already guessed from the title, the book is web-oriented (so it's no surprise it focuses heavily on PHP and JS).
- The following topics are covered:
  - Script vulnerabilities, specifically:
    - Errors in various data transmission methods.
    - Vulnerabilities in PHP scripts.
    - Specific bugs in Perl scripts.
    - Errors not tied to any particular programming language.
  - SQL injections.
  - Authorization and authentication.
  - XSS and stolen cookies.
  - Impact of programming language configuration on security.
  - Hosting-specific aspects.
Pros
- There’s practical material included.
- A short and concise introductory section.
- The chapters follow a consistent logical order.
- The book is sold with a compact disc (as advertised).
- Throughout the book, you’ll find useful tips and discussions of both bad and good coding practices.
Cons
- The book is quite lengthy (over 400 pages).
- Only a few types of attacks are discussed, and it can’t be considered a reference manual on security — even in the context of the web, let alone security in general. Many topics are not covered at all (e.g., working with web servers is only briefly mentioned; there's nothing about frameworks or low-level programming languages — for instance, buffer overflow errors; DDoS attacks are barely covered).
- The edition I had was from 2005. Honestly, I wouldn’t consider this a major drawback (compared to the previous point), since the issues discussed in the book are still quite relevant today.
Conclusion
If you’re not an experienced senior developer, I’d recommend reading this book — you’ll definitely find a lot of useful material in it. Otherwise, it’s better to check out other books (one of which I plan to review soon — so stay tuned for more book breakdowns).