"The Tangled Web" is destined to be the definitive guide to web application security. Rather than simply enumerate known vulnerabilities or lay down a series of commandments from on high, famed security expert Michal Zalewski takes an in-depth look at how browsers actually work, how to leverage their features, and what pitfalls lurk in the shadows. An outgrowth of Zalewski's work on Google's online "Browser Security Handbook," "The Tangled Web" sheds light on the uniqueness of the security challenges that engineers, developers, and users face on the Web today. The book opens with a detailed examination of browser security mechanisms, the historical reasons behind their design, and their security consequences. Subsequent chapters discuss the security aspects of specific web technologies, including URLs, HTTP, HTML, JavaScript, the same-origin policy, and HTML5. Readers looking for quick answers will appreciate the cheat sheets in each chapter, which outline the most commonly encountered problems and how to tackle them. An appendix offers a glossary of well-known implementation vulnerabilities.
