I recently did a technical review of How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, by James A. Whittaker and Mike Andrews. My thoughts: it’s well worth reading.
Though what I reviewed wasn’t yet a final draft (my job was to help find technical and other errors, make suggestions on organizing the information and so forth), the content was (mostly) all there. I own other work by Whittaker, and I encourage anyone who’s interested to read this book when it’s published. It is appropriate for a variety of audiences. I will not recommend anything to anyone—I don’t want to be in the position of giving advice, for several reasons—but allow me to “suggest that you consider owning a copy” if you make things people will view with a web browser. Here’s a sampling of folks for whom I consider this book especially relevant:
- a tester
- a programmer
- a team leader or manager
- a creative copywriter
Security is everyone’s job, and basic understanding of how security can be violated will change the way you think. It’s a good thing.
I am not paid for this veiled endorsement. It is unsolicited, but approved by the authors :^).