
Innocent Code: A Security Wake-Up Call for Web Programmers (English) Paperback – 2004/1/30





  • This concise and practical book shows where code vulnerabilities lie (without delving into the specifics of each system architecture, programming or scripting language, or application) and how best to fix them
  • Based on real-world situations taken from the author's experiences of tracking coding mistakes at major financial institutions
  • Covers SQL injection attacks, cross-site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code
  • Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code


"...the security book that all web developers need to read...sound advice...ignore at peril..." (Tech Book Report, January 2004)

"...achieves its aims admirably..." (PC Utilities, April 2004)

"...should be required reading for web developers..." (about.com, March 2004)

"...if you are a web techie you will love this book, I did..." (Infosecurity Today, July 04)



  • Paperback: 248 pages
  • Publisher: John Wiley & Sons Ltd; 1st edition (2004/1/30)
  • Language: English
  • ISBN-10: 0470857447
  • ISBN-13: 978-0470857441
  • Release date: 2004/1/30
  • Product dimensions: 18.9 x 1.1 x 23.6 cm



Most helpful customer reviews on Amazon.com

Amazon.com: 4.6 out of 5 stars, 5 customer reviews
18 of 18 people found this review helpful.
5.0 out of 5 stars Focused info for developers more than security pros 2004/3/17
By Mike Tarrani - (Amazon.com)
Format: Paperback
This book is similar in many respects to Web Hacking: Attacks and Defense (ISBN 0201761769). While that book was aimed at security professionals who needed to understand the exposures and vulnerabilities in web systems that were commonly exploited by the bad guys and gals, this book is aimed more at developers.
Like the former book, this one systematically covers exposures and vulnerabilities, and provides remedies at the code level. What sets this book apart is every component of a modern web site, from web server to backend database is covered, problem areas from a developer's perspective are highlighted, and solutions for resolving the problem areas given. I like this book because developers, from casual hobbyists to professionals, will easily grasp the information. More importantly, the material is not insultingly simple to experienced developers, nor is it over the head of less experienced ones.
Another reason I like this book is in systematically uncovering exposures the QA team can also use this book as a sourcebook for developing a baseline set of test cases that will catch security-related problems during acceptance, functional qualification, or regression test cycles.
In my opinion not only should web developers (including DBAs) and QA professionals read this book, but it should also be adopted by development organizations and projects as a part of coding standards.
4 of 4 people found this review helpful.
4.0 out of 5 stars a longer discussion of Trojans would have been nice 2005/9/14
By W Boudville - (Amazon.com)
Format: Paperback
Huseby walks through many instances of flawed web code. Client side and server side. All of these have been covered before in other forums and books, but he offers a clear exposition of the dangers.

Take SQL injection. If you do not have your web server filter the user's input in a web page submitted by her browser, and you blithely pass her string to your SQL engine, you are asking for grief. You're begging for a cracker to stuff a SQL command script to sabotage or excavate your database. Thus too for shell command injection, where your server might inadvertently execute that as a shell command. Remember to filter user input!

Cross site scripting and Trojans are also explained. Unfortunately, while the Trojan discussion is understandable, it is far too short.

There is no discussion of antiphishing methods. Though in the Trojan chapter, an example fake email would qualify as phishing. Perhaps the author saw no technical solution for phishing. And this book is about technical solutions.
6 of 7 people found this review helpful.
5.0 out of 5 stars Highly recommended 2004/8/7
By Stephan Meyn - (Amazon.com)
Format: Paperback
Security is a serious issue and education of the developer about writing secure code is extremely important. There are a lot of books out there that write either about how to configure your servers or about the various security technologies (cryptography, WSE etc) - this is not unimportant but it is incomplete because it ignores weaknesses introduced through coding practices.

The author manages a tight and very readable book that is addressed at the software developer. It can be read in about a day or afternoon (if you happen to be stranded at an airport lounge). I will be suggesting it to be one of our standard literature titles on the development floor.
5.0 out of 5 stars Great, informative book! 2009/8/27
By J. Shiflett - (Amazon.com)
Format: Paperback
This was a very informative book. It was straight to the point with no bull. Very helpful.
1 of 8 people found this review helpful.
4.0 out of 5 stars A great tool. 2004/12/1
By Roy D. Woods - (Amazon.com)
Format: Paperback
Aside from the publication errors (2 chapter 2's and part of chapter 1 at the end of chapter 2 - arg). The book is full of great examples and useful information for developers and IT security auditors. If nothing else it helps to provide simple examples of possible exploits. (And given the publication errors, my copy is a collector's item...) Cheers!!!