Innocent Code: A Security Wake-up Call for Web Programmers

Innocent Code

This book is much more than a wake-up call. It is also an eye-opener. Even for those who are already awake to the problems of Web server security, it is a serious guide for what to do and what not to do, with many well-chosen examples. The set of fundamental rules is highly relevant.

-- Peter G. Neumann, Author of Computer-Related Risks,
and moderator of the Internet Risks Forum (

This book is a serious must have for all developers who are building web sites. I know you will enjoy it as much as I did.

-- From the foreword by Mark Curphey, founder of OWASP.

If it doesn't scare the hell out of you then you're either very good or very stupid. [...]  Ought to be required reading for all web developers.

-- From a review by TechBookReport

In short, if you are a server side web developer then you simply must read this book. If you are a web techie then you will love this book - I did.

-- From a review by Andrew Blyth in Infosecurity Today

See more reviews.

Finally, an entertaining programmer's book on security! Innocent Code will show you how common programming errors make a web site open to attacks, even with both firewalls and encryption in place. You, the programmer, play a major role when it comes to the security of a web site. With lots of real-life examples, this book will show you why.

Feel free to take a look at an excerpt from the Introduction chapter or the Summary of rules chapter if you want to know more about the motivation behind this book.

The book at: Wiley, Amazon [us] [uk] [ca] [jp] [de], Barnes&Noble,

German translation: dpunkt, Amazon [de]

Czech translation: Vltava

Sverre H. Huseby