I recently finished this book and really, after a long, long time I wanted to write a review. xorl beat me to it 😦

xorl %eax, %eax

Everybody in the “security world” knows Michal Zalewski and his work especially in the field of web security and exploitation. So, with no further introduction here is my review of his new book, “The Tangled Web“.

Title: The Tangled Web: A Guide to Securing Modern Web Applications
Author: Michal Zalewski

Chapter 1: Security in the World of Web Applications
Here we have a nice introduction to the web application security going through all the required theoretical information as well as useful historical references.

Part I: Anatomy of the Web
Chapter 2: It Starts with a URL
Although a chapter dedicated to URL might initially seem like an overkill, M. Zalewski proves the opposite. In this chapter we can see that are so many details in parsing URLs correctly that is extremely difficult to have an application able to handle all of them properly.

Chapter 3: Hypertext Transfer Protocol

View original post 815 more words