Review of The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

Dafydd Stuttard
Rating: 5/5

We are so fucked. I'm a professional software engineer who cares a great deal about correctness and about security. I've worked on the security team at Google. And I didn't know half of the exploits listed in this book. The underlying technology is sufficiently complicated that I would be very surprised to learn that a nontrivial piece of software is adequately defended against _all_ of them. Even if you aren't interested in breaking systems, this is a fantastic, eye-opening book on things to pay attention to when writing robust software.