How to Break Web Software

I recently did a technical review of How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, by James A. Whittaker and Mike Andrews. My thoughts: it’s well worth reading.

Though what I reviewed wasn’t yet a final draft (my job was to help find technical and other errors, make suggestions on organizing the information and so forth), the content was (mostly) all there. I own other work by Whittaker, and I encourage anyone who’s interested to read this book when it’s published. It is appropriate for a variety of audiences. I will not recommend anything to anyone – I don’t want to be in the position of giving advice, for several reasons – but allow me to “suggest that you consider owning a copy” if you make things people will view with a web browser. Here’s a sampling of folks for whom I consider this book especially relevant:

  • a tester
  • a programmer
  • a team leader or manager
  • a creative copywriter

Security is everyone’s job, and a basic understanding of how security can be violated will change the way you think about the things you build. It’s a good thing.

I am not paid for this veiled endorsement. It is unsolicited, but approved by the authors :^).

I'm Baron Schwartz, the founder and CEO of VividCortex. I am the author of High Performance MySQL and lots of open-source software for performance analysis, monitoring, and system administration. I contribute to various database communities such as Oracle, PostgreSQL, Redis and MongoDB. More about me.