Michal Zalewski's (who is better known as lcamtuf) new book went public a couple of hours ago. Since I was one of the lucky ones to get to see the book before it was published, I decided to write a short note on the book.
TL;DR: Must have.
Let's start with Michal's previous book - "Silence on the Wire". What can I say, the book was awesome - I enjoyed reading it and learned a lot, especially on the out-of-the-box approach to hacking. "Silence..." talked about a variety of things, including (but not limited to) low level networking, higher level networking, computer systems as whole, etc. And, well, "Silence..." is a book I recommend to everyone who's interested in hacking and/or security research.
"The Tangled Web" on the other hand is a different kind of book. It focuses on one topic (client side web security) and describes it with an unseen level of details. And uh, I think almost everything from that ecosystem is described, with all the juicy details, differences in implementations, little known mechanisms and a whole lot of interesting browser quirks. Basically this is a must read for anyone who wants to engage web client security on a professional level (or anyone who wants to tangle with the web, so to speak).
Well, I guess the best argument for it's quality is that the first thing I did after looking through the book was pre-ordering it :)
I guess I'll stop here. If your interested take a look at the table of contents and the exemplary chapter. And also check out Browser Security Handbook which is a great praeludium to this book.
Oh, and by the way, there is a 40% promo code on lcamtufs blog (valid until the end of this week if I'm not mistaking).
And that's that. I guess I need to update my "recommended books" list :)
2011-11-16:
Comments:
Add a comment: