The Tangled Web, book review


  • Author: Michal Zalewski
  • Publisher: O’Reilly Media (No Starch Press)
  • Pages: 273

Introduction

I liked the book; it is thorough, on a tough subject. What I missed is a more practical approach to the secure web. Almost all web developers are also intrigued by hackers. In my opinion, hacking itself could make developers understand the holes of the web more easily. I really would have liked some more practical examples of websites and how to break them.

The book is handy for reference (although the internet might be more useful). I expected to learn some fundamentals to cope with security issues in the daily life of web developing, and that after reading the book and messing around with some code examples my awareness of possible security flaws would be raised.

Security Awareness

The Tangled Web partially raised my awareness. Since I read the book I am more aware of the possibility of security issues in many layers of the web: plugins, Java applets and other stuff that lives on the internet. Again, what I missed was a more practical approach. For example, the book could start with a simple PHP site implementation. This should be of no concern for the average reader of this book. With the example site created, the book could have shown ways to hack the site. I know this might not be the most ethical methodology, but for me it would be the best way to remember all the information about security issues and how to prevent them.

The Future

Later chapters describe some modern features of the web. Luckily most of these are reasonably robust, for example web sockets and web workers. In this section the book also becomes more practical and more fun to read. I enjoyed the epilogue of the book, where an analogy is made between society and the online society, which hasn’t had any time yet to form human-based ethics regarding piracy and security.

Conclusion

There is a lot to be said about web security, much more than I would have known. I hope I have raised my own awareness regarding security to implement it in my daily job. However, I will have a hard time selling the extra time in advance to clients.

I must compliment the author for writing this reference book about security issues on the internet. It is easy to see that a lot of research has gone into this book. Bottom line: this isn’t a fun developing book, but it will certainly improve your quality as a developer.


Book review: JavaScript Web Applications


  • Author: Alex MacCaw
  • Publisher: O’Reilly Media
  • Pages: 280

Introduction

A book on creating JavaScript applications, for the intermediate JavaScript developer. This book gives you a kickstart and helps you choose the right framework and make architectural choices for your application.

Review

The book has a fast pace, with no thorough introduction of MVC; I think this is justified. MVC has been explained a lot of times in the last decade. The author of this book explains a lot of modern frameworks and modern technologies.

This book is not for novice JavaScript developers; even intermediate developers can have a hard task grasping the contents of this book. You need to understand the core of JavaScript and jQuery as well as design patterns, at least a couple of them, to get the most out of this book.

Personally, for me the topic of this book is a bit overkill for the web applications I develop. If the scale of my web apps grows more complex, I will definitely turn to this book. It will explain a lot of useful state-of-the-art JavaScript MVC frameworks.

After explaining several ways of working with events in a JavaScript application, the author starts digging into MVC. First comes a chapter on Models and ORM (object-relational mapping) and how to populate your model with external data. Offline as well as online storage of the model is also described in this chapter. The next chapter is about the controller, the best ways of event delegation and accessing the views. And finally the views themselves, with modern JS templating techniques. After the MVC foundation, Spine.js and Backbone.js are introduced and explained: two of the best-known patterns for small (Spine.js) to large (Backbone.js) web applications.

I also liked the additional information on modern topics like LESS, CSS 3 and NodeJS. For me this was purely complementary information, and I would rather have seen some more introduction in the beginning.

Bottom line

JavaScript Web Applications is a must-have book to plan and develop larger applications. It tells you everything you need to know to structure an application, but I think it would help to read another book before this one to get the most out of it, for example JavaScript Patterns.