Review: The Tangled Web: A Guide to Securing Modern Web Applications

The Tangled Web: A Guide to Securing Modern Web Applications is a fairly solid introduction to computer security in the context of web sites/browsers with one fairly major downside: it was published 7 years ago. In the context of the Internet, that’s… quite a while.

When this book was published, IE had a 40% market share, followed by Firefox with 30%, and Chrome with only 20%. Given that more recent numbers show Chrome with 70%, FF with 10%, and IE + Edge together only at 10%… the Internet has changed. Since it was published, Flash has become the next best thing to dead. HSTS and CORS are everywhere now (mentioned as future technologies in the book). Some issues just … aren’t any more, while a whole new kettle of worms is about.

That being said, it’s actually a pretty decent introductory book. Some things never change. The internet is still driven by URLs and cookies, and even the introduction of HTTP/2 and HTTP/3 doesn’t change things that much. For the most part HTML is still HTML (although HTML4/XHTML issues are less relevant than they used to be). Even with CORS, SOP is still an issue, as are content types.

So really… you could do worse if you’re interested in learning a bit about computer security. Especially if you picked this book up as part of a Humble Bundle. :)