views: 187

answers: 7

Have you read a book on web application security that could serve as a solid introduction to the subject for beginning web programmers?

So far I've found the following candidates, but none of them seem to be suitable for beginners (I haven't read any of these, this is just my impression from what is available on the web):

Background: I try to teach basic security in my PHP class. I show some examples of SQL injection and cross-site scripting and then spend a lot of time on prepared statements and escaping. My lecture notes are in German only.

Question inspired in part by this one

Similar Questions: general security, .NET security, Security+forensics

A: 

I didn't mind this one, "Gray Hat Python".

It's suitable for a beginner.

It teaches you how to use C and Python to do hacking.

It teaches you how to build your own debugger and how to hack your own applications using various types of injections.

The book is not excellent, but it gave me a different perspective.

dassouki
+3  A: 

The "Hacking exposed" series are usually a good intro material. I think this one can be a candidate.

Nasko
A: 

You can find more than a dozen suggestions in this popular question: What are good books about security, hacking, and computer forensics?

DOK
+1  A: 

I know you asked for books, but I don't know of any book that is as good as the OWASP web site. It's kept up-to-date, and the material is explained thoroughly and is easy to understand. Here's a good place to start: http://www.owasp.org/index.php/Category:Principle

They do offer several books, many (if not all) of which are available as free downloads here.

David Stratton
+3  A: 

If you are teaching PHP, then I would highly suggest:

Essential PHP Security by Chris Shiflett

Chris was also the project lead on this free php security guide: http://phpsec.org/projects/guide/

Finally, you could also look into:

Web Hacker Boot Camp by Gerald Quakenbush

Mark Hammonds
A: 

I really enjoyed reading Chained Exploits; it is more like a novel than a textbook! But I'd also agree with Gray Hat Python, but be warned: it's more about building a debugger than security.

mikej
+1  A: 
brianegge