A programmer's perspective

The Tangled Web is a book for a software developer who is already well versed in web applications. It is a collection of discussions on how various types of web software function, presented with comments on how obviously dangerous the situation is. Unfortunately for those who are not web programmers, the implications of the examples are not always intuitively obvious. The book's at once paternal and gossipy tone suggests an exclusive club of expert developers facing problems in the security field, for whom this book provides profound revelations and fills knowledge gaps. Nevertheless, a less skilled programmer willing to supplement the book with their own web searches and code exercises should be able to learn as much as the experts for whom the connections are intuitive. However, those who view systems security from a higher-than-code level may find this book hard to digest. For example, on page 2, Zalewski compares the definition of a secure system to Victor Hugo's definition of love, and those not motivated to become secure programming experts may be tempted to give up there. This is especially so upon recognizing that the definition used for "secure system," that is, "one that does what it is supposed to do and nothing more," is attributed to a software vulnerability professional in "circa 2000." More seasoned professionals will recognize this as a software correctness principle that has been profitably applied to software assurance since the early 1990s (Abrams and Zelkowitz, 1994; Schneider, 1999). Such cultural assumptions