
2 security – what every programmer needs to know – bookreview

August 21st, 2007

Recently we presented:

1 security – what every programmer needs to know

In that posting we gave you a link to download the slides Neil Daswani used during a presentation at the Google offices in Zurich on 2007-08-17.

Today we continue on web security and what programmers need to know. A good way to start is most certainly the book by:

Daswani, Neil, Kern, Christoph, & Kesavan, Anita (2007). Foundations of security – what every programmer needs to know. Berkeley, CA: Apress.

If your work involves Java and JavaScript and you have looked at CYTRAP Labs WinCurity, you know what we mean:

1 – FAQ – Java versus JavaScript – the basics

2 – FAQ – Java versus JavaScript – the security basics

And if you feel Web Security and Web 2.0 are not issues you have to worry about – think again:

Research that matters – 5 most popular Web 2.0 services for hackers

Below follows our review of the book by Daswani, Neil, Kern, Christoph, & Kesavan, Anita (2007).


Let it be said in advance – I like this book very much indeed. Here is the list of chapters for your perusal: Table of Contents.

1) I like that this book is not pretentious; it says what it wants to accomplish — and it makes sure that the reader understands very quickly why web security is a serious matter indeed.

2) The authors try to offer material that is of interest both to geeks and to the not so technically inclined reader.

The authors manage very well to walk this fine line and, thereby, make sure that there is always a bit more for those who have gotten really hooked.

3) For instructors, slides covering the chapters are available as well, making it easy to use this book as a course text.

For the more technically inclined, the authors provide nice opportunities to play around with the code that is also used for the many examples given throughout the book.

Get it all for free here: Slides and Source Code

4) The book is well structured and easy to read, without too much jargon; where jargon is needed, it is nicely explained for the non-geek.

NOT SO GOOD POINTS (remember every book has a few, this one is no exception):

1) Chapter 9 (password security) and Part 3 (Introduction to Cryptography – chapters 12 – 15) are important. However, since some if not most of that material can be read elsewhere, it might have been given less weight here.

Instead, I wish Part 2 (Secure Programming Techniques), and especially Chapters 6, 8, and 10, had been expanded upon (e.g., two chapters out of each) to cover this material in more depth, since many programmers appear to make too many mistakes here.

2) There is no comprehensive conclusion that helps the reader develop tools, checklists or strategies for what he or she must begin with NOW to reduce risks to the organization’s information assets.


Daswani, Neil, Kern, Christoph, & Kesavan, Anita (2007). Foundations of security – what every programmer needs to know. Berkeley, CA: Apress.

Softcover: 37 pages (download pdf file)

Price Approx.: Euro 30.56 (VAT included)

ISBN: 1905356013


The criticisms I have against this book are minor and should not detract from the fact that this book is on my recommended list.

Certain things in this book may appear obvious to our expert readership; however, for most managers the things discussed are definitely not obvious. Moreover, we all need reminders that if we do not approach an issue systematically, many things may be left out, and this applies to web security as well.

I recommend this book — you can quickly go through it on a train to or from work — and it will provide you with some tips on where to start regarding the possible security problems in your organization’s programs or web applications.

This is definitely a comprehensive introduction to the topic and, while it does not cover everything, there is hardly another book out there that lets you pick up the basics and much more in so few pages.


Here you find MORE REVIEWS of important books for your security library.


Your favorite bookstore is sure to have this book; if not, and you live in Europe, you may check with Amazon France (which has a nice service for Belgian, German, Italian AND Swiss residents).



