This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of Darcy DeClute's Scrum Master Certification Guide: The Definitive Resource for Passing the CSM and PSM Exams and have Darcy DeClute on-line!
See this thread for details.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Devaka Cooray
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Jeanne Boyarsky
  • Tim Cooke
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Mikalai Zaikin
  • Carey Brown

Sunshine On Java: Secure Web Applications With Code Examples

Posts: 962
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Author/s    : Natalie "Sunny" Wear
Publisher   :
Category   : Advanced Java
Review by : Jeanne Boyarsky
Rating        : 7 horseshoes

This e-chapter (e-book) covers 3 of the OWASP top 10 (XSS, CSRF and SQL injection.) With a bonus mention of session fixation. While Amazon counts it as 29 pages, once you get past the intro we are down to 24 pages. The author covers the attacks and how to prevent them in a succinct manner.

When I first read the chapter, I was surprised to see Clickjacking wasn't included. But then I looked and it is not currently in the OWASP top 10 which was the inspiration for the book. (It is still important though; make sure to read about it on

I would have liked more detail. For example show an example of CSRF along with the different ways to prevent it. It's not enough to say use a filter/token. This introduces issues of its own which need to be addressed.

As far as whether to buy the e-chapter, it is a question of whether you would pay $5 for one chapter of a book. A good chapter, but still only one chapter. I think the answer is yes in this case. But I can't bring myself to call it a book so I'm going to recommend this e-chapter to those who are unfamiliar with two or three of these attacks. If you are already familiar with them, just go on OWASP directly.

Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.

More info at
Ranch Hand
Posts: 3389
Mac MySQL Database Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That is a very precise review Jeanne. A good point you had made on 'clickjacking', which I came across for the first time. Reason may be due to being slightly out of touch in technical areas for sometime.

I liked the disclaimer very much
author & internet detective
Posts: 41774
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Raghavan Muthu wrote:I liked the disclaimer very much

Thanks. When the author contacted me about running a promo, I said I wanted to review the book first. Self published books vary broadly in quality so I wanted to make sure we weren't promoting something with a quality problem. And we weren't. The content was correct.
Straws are for suckers. Now suck on this tiny ad!
a bit of art, as a gift, the permaculture playing cards
    Bookmark Topic Watch Topic
  • New Topic