- Publisher: No Starch Press, US (November 19, 2011)
- Paperback: 320 pages
- Language: English
- ISBN: 1593273886
- Barcode: 9781593273880
- Product dimensions: 17.8 x 2.1 x 22.9 cm
- Item weight: 603 g
- ASIN: 1593273886
- Customer rating: 1 customer review
- Amazon Best Sellers Rank: #2,424,039 in Books
The Tangled Web (English) Paperback – November 19, 2011
Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.
Most helpful customer reviews on Amazon.com (beta) (may include reviews from the "Early Reviewer Rewards Program")
That one sentence sums up why "The Tangled Web" is, hands down, the best book on web and browser security. It is all too easy to criticize, lament, and create paranoid scenarios about the "unsound security foundations" of the web. Truth is, all of that criticism is true, and yet the web has proven to be an incredibly robust platform. In this book Michal Zalewski walks us through the history and the evolution of the architecture of the popular browsers, servers, protocols, and everything in between - as it relates to the security of modern web applications.
Instead of focusing on the usual security acronyms and "attack classes", this book will give you something much more powerful: a bottom-up understanding of how a modern browser operates, why it does what it does, and what implications this has for designing more secure applications. This book should be mandatory reading for every web-developer. Highly recommend it.
This book is poorly structured. It seems like the author compiled his scribbles and notes into a book without considering how they would fit together. The content is superficial at best and lacks examples. Moreover, it seems like the author has used this book as a stage to talk negatively about Internet Explorer (we get it, it's a bad browser). I tried to give this book multiple chances but had to stop reading it around page 150. It's simply a bad book.
I recommend that anyone interested in learning web app security stay away from this book and consider other options (such as Web App Hacker Handbook).
Before, I didn't even realize that, e.g., when Flash makes cross-domain requests it appends all ambient credentials - and there are so many insights like this in this book.
While reading I also found a bunch of critical vulnerabilities in the projects I know.
Make no mistake, the book is focused on the browser and related technologies rather than the theory of security. The same tremendous insight, that made me nod with appreciation and wish that I had the book 5 years ago while working on security policies, illuminates browser concepts like in-browser content separation, scripting, and much more.
I appreciate the author's treatment of each of the concepts in the context of the browser as a complex and still evolving technology, with its own history, standards, market requirements and politics.