What every programmer needs to know about security, illustrated with running examples of web applications and stories of what’s gone wrong in the past. This book takes a principles approach to helping you design and implement your applications to be secure from the ground up and illustrates these principles using running examples of web applications throughout the book. This book does not merely teach you tips and tricks that allow you to band-aid the security of your systems. Instead, it illustrates how security principles can be employed to prevent some of the most significant current-day attack types, such as cross-site scripting (XSS) and SQL injection, as well as more traditional attack types such as buffer overflows.
Neil Daswani, PhD, has served in a variety of research, development, teaching and managerial roles at Google, NTT DoCoMo USA Labs, Stanford University, Yodlee and Telcordia Technologies (formerly Bellcore). While at Stanford, Neil cofounded the Stanford Center for Professional Development (SCPD) Security Certification Program. His areas of expertise include security, peer-to-peer systems and wireless data technology. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several US patents. He received a PhD in Computer Science from Stanford University. He also holds an MS in Computer Science from Stanford University and a BS in Computer Science with Honors with distinction from Columbia University.
Christoph Kern is an information security engineer at Google, and was previously a senior security architect at Yodlee, a provider of technology solutions to the financial services industry. He has extensive experience in performing security design reviews and code audits, designing and developing secure applications, and helping product managers and software engineers effectively mitigate security risks in their software products.
Anita Keswani is a freelance writer and received an MFA in creative writing from Sarah Lawrence College. She also holds a BA in English from Illinois Wesleyan University. One of her specializations is communicating complex technical ideas in simple, easy-to-understand language.