BOOK REVIEW: The Tangled Web And Untangling Web Security

Tangled Web book cover

Front-end developers are being assigned more and more projects that require cross-domain communication with data services via JavaScript, and so web security and handling cross-domain applications has become more important. I find that many developers don’t want to handle such mundane details—they simply want their app to work like it should—but they have to learn these things in order to accomplish their task.

Michal Zalewski, who has a strong pedigree in web security circles and wrote Google’s own Browser Security Handbook, has a really excellent book out called The Tangled Web: A Guide to Securing Modern Web Applications. I am really impressed by how thorough and comprehensive the book is—it’s 300 pages, quite dense and covers all the major topics on web security I can think of. It’s also very technical, so much so that I think its target audience is back-end developers and system administrators more than front-end developers. I’m not sure yet if front-end developers need to know everything in The Tangled Web or should worry more about the bits that they can do something about and leave the rest for their colleagues on the back end.

Fortunately, most of the early chapters cover familiar front-end topics such as HTML, CSS and JavaScript, and I really recommend those for front-end developers. They will really open your eyes to all the little security imperfections in the code we write every day, a lot of which seems safe but can cause big problems. The Tangled Web really opened my eyes on the subject, and I’m looking forward to making my code more airtight.

There’s not much I can say against The Tangled Web: it is comprehensive, clearly written, and technically accurate. I think front-end developers can definitely get a lot of use out of it, but some chapters cover topics they can’t always do anything about, such as server connections. Back-end developers, database programmers and system admins will probably have the same reaction to those early chapters on front-end programming. Before you buy, read the outline of The Tangled Web’s chapters and see if the book is a good fit for you.

The Tangled Web: A Guide to Securing Modern Web Applications
Michal Zalewski
Published by No Starch Press
US $49.95
Rating: 10/10
Buy from Amazon.com: http://www.amazon.com/gp/product/1593273886/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&tag=wwwjeremyschu-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1593273886