Author/s : Natalie "Sunny" Wear
Publisher :
Category :
Advanced Java
Review by : Jeanne Boyarsky
Rating : 7 horseshoes
This e-chapter (e-book) covers 3 of the OWASP top 10 (XSS, CSRF and SQL injection.) With a bonus mention of session fixation. While Amazon counts it as 29 pages, once you get past the intro we are down to 24 pages. The author covers the attacks and how to prevent them in a succinct manner.
When I first read the chapter, I was surprised to see Clickjacking wasn't included. But then I looked and it is not currently in the OWASP top 10 which was the inspiration for the book. (It is still important though; make sure to read about it on owasp.org.)
I would have liked more detail. For example show an example of CSRF along with the different ways to prevent it. It's not enough to say use a filter/token. This introduces issues of its own which need to be addressed.
As far as whether to buy the e-chapter, it is a question of whether you would pay $5 for one chapter of a book. A good chapter, but still only one chapter. I think the answer is yes in this case. But I can't bring myself to call it a book so I'm going to recommend this e-chapter to those who are unfamiliar with two or three of these attacks. If you are already familiar with them, just go on OWASP directly.
---
Disclosure: I received a copy of this book from the publisher in
exchange for writing this review on behalf of CodeRanch.
More info at Amazon.com