If you could have only one book on web security, what would it be?

Question

Well, now clear. But again - question needs to be specified. There are lot of different fields in security, it is a very wide term. What would you like to hear about - cryptography, web-application security, servers administration, source code analysis and vulnerabilities, deep OS's inspections, user management and policies, etc.? No one good book can cover all the items at once. — , Nov 17 '10 at 18:07
Still not narrow enough... How to *break* websecurity (i.e. web attacks), or how to *make* it (i.e. secure coding and the like). Or, how to use it, e.g. secure browsing... — AviD, Nov 17 '10 at 20:24
Btw, @Moshe, welcome to the site! Note you might want to wait a while before accepting an answer, especially to a question like this - it will discourage additional answers, which might be even better. Note that this is also quite subjective... — AviD, Nov 17 '10 at 20:26

score 13 · Accepted Answer · answered Nov 17 '10 at 18:25

13

Many people do recommend this one book: The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, which I also find very useful. But you should not rely upon only on one book. This book was released back in 2007 year, now there have appeared many new technologies. So, besides books you should follow standards, RFC's and other documents. I know other really good and fresh book. I have only hard copy in German, not aware if it is available in English - Sichere Webanwendugen.

answered Nov 17 '10 at 18:25

By the way, mentioned book highlights : http://portswigger.net/wahh/ – Nov 17 '10 at 22:09
Love this book! – Chris Dale Apr 19 '11 at 19:19
+1. [Sichere Webanwendungen](http://www.amazon.de/Sichere-Webanwendungen-Praxisbuch-Mario-Heiderich/dp/3836211947) is one of the best, in my opinion. But WebApp Hacker's Handbook is really good as well :) – freddyb May 09 '11 at 20:16
second edition available – schroeder Mar 15 '12 at 21:40

score 9 · Answer 2 · answered Dec 08 '11 at 15:56

9

Since it's now out, my answer would be The Tangled Web by Michal Zalewski.

answered Dec 08 '11 at 15:56

Bruno Rohée

5,221
28
39

score 6 · Answer 3 · answered Apr 19 '11 at 15:20

6

Ross Anderson's Security Engineering is excellent (and the first edition is currently available online. Some sample chapters from the second edition are online at the time of writing).

answered Apr 19 '11 at 15:20

frankodwyer

1,907
12
13

score 6 · Answer 4 · answered Nov 17 '10 at 20:34

alt text

For books on how to build web security, Writing Secure Code v2 from MS Press is still a seminal classic, and even though it was written quite a few years ago by Internet standards, it is still very relevant, and relatively up to date (if no longer complete because of new attack techniques). And it's not just for MS platforms (though many of the newer frameworks are missing)...

score 4 · Answer 5 · answered Nov 17 '10 at 22:00

4

I prefer Hunting Security Bugs to The Web Application Hacker's Handbook, but fortunately, you can have more than one book in your life. I have about 40,000.

answered Nov 17 '10 at 22:00

atdre

18,885
6
58
107

you live in a library? – borisdiakur Oct 22 '13 at 10:57

score 3 · Answer 6 · answered Nov 18 '10 at 13:16

3

I nice introductionary book to web security I am reading now is Hacking: The Next Generation.

alt text

It covers a wide range of topics, so maybe it could not be for you if you are looking for something deeper and more focused.

answered Nov 18 '10 at 13:16

gbr

2,000
1
16
22

score 1 · Answer 7 · answered Mar 14 '12 at 14:21

1

the Web Application Hackers handbook v2 and as a hacker/security guy one book is not what you look for ,also OWASP books are very good in the subject

answered Mar 14 '12 at 14:21

P3nT3ster

877
7
10

If you could have only one book on web security, what would it be?

7 Answers7

Linked