Sverre Huseby's book is subtitled 'a security wake-up call for web programmers', and for once this isn't publisher's hype. Huseby succeeds in showing up the inherent dangers of developing in a web environment, and if it doesn't scare the hell out of you then you're either very good or very stupid. In the process he lays down a set of rules, 27 in all, which help to minimise the risks he exposes in even the most innocent of transactions."
January 28, 2004
TBR writes "I don't know about innocent code, but by the time I had finished this book I certainly felt like an innocent coder. In many respects this is the security book that all developers need to read. Where the majority of books on security are devoted to the system admin view of the world, or are about the security ins and outs of this or that platform, this book is focused exclusively on the programmer end of the food-chain.