Describe web/Zalewski本/review here.
http://packetstormsecurity.org/news/view/20578/Book-Review-The-Tangled-Web-By-Michal-Zalewski.html
This book puts some very complicated nuances in plain (enough) English.
It starts out with Zalewski giving a brief synopsis of the security industry and the web. Breakdowns of the basics are provided and it is written in a way that is inviting for anyone to read. It goes on to cover a wide array of topics inclusive to the operation of browsers, the protocols involved, the various types of documents handled and the languages supported. Armed with this knowledge, the reader is enabled to tackle the next section detailing browser security features. As the author puts it, it covers "everything from the well-known but often misunderstood same-origin policy to the obscure and proprietary zone settings of Internet Explorer". Browsers, it ends up, have a ridiculous amount of odd dynamics for even the simplest acts. The last section wraps things up with upcoming security features and various browser mechanisms to note.
http://aplawrence.com/Security/tangled_web.html
This is one of those very upsetting books. I found it very hard to read, not because of any fault of the author or the publisher, but because the content made me uncomfortable. I literally squirmed in my seat and would sigh so often that my wife would worriedly ask "What's wrong?"
What's wrong is that the web is a dangerous place.
Where and how that danger lurks is the subject of this book.
- Its subtitle is "A Guide to Securing Modern Web Applications" which certainly sounds hopeful: