Michal Zalewski, who has a strong pedigree in web security circles and wrote Google’s own Browser Security Handbook, has a really excellent book out called The Tangled Web: A Guide to Securing Modern Web Applications. I am really impressed by how thorough and comprehensive the book is—it’s 300 pages, quite dense and covers all the major topics on web security I can think of. It’s also very technical, so much so that I think its target audience is back-end developers and system administrators more than front-end developers. I’m not sure yet if front-end developers need to know everything in The Tangled Web or should worry more about the bits that they can do something about and leave the rest for their colleagues on the back end.
There’s not much I can say against The Tangled Web: it is comprehensive, clearly written, and technically accurate. I think front-end developers can definitely get a lot of use out of it, but some chapters cover topics they can’t always do anything about, such as server connections. Back-end developers, database programmers and system admins will probably have the same reaction to the early chapters on front-end programming. Before you buy, read the outline of The Tangled Web’s chapters and see if the book is a good fit for you.
The Tangled Web: A Guide to Securing Modern Web Applications (http://www.amazon.com/gp/product/1593273886/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&tag=wwwjeremyschu-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1593273886)
Published by No Starch Press
Buy from Amazon.com