


Hi, folks! Thanks for purchasing Grokking Web Application Security. I want to take a minute to explain why I wrote this book, and what you can hope to get out of it.

Security-wise, the internet has been a giant mistake. Plugging all of the world's computers together has revolutionized how we communicate and do business but has also fostered a community of hackers with endless ingenuity, looking to find ways to meddle with any web application you put online. In response, a multi-billion-dollar cybersecurity industry has risen up with an ever-more complex and heavily marketed series of solutions.

If you are someone who writes code for a living, it can be hard to navigate through all this noise to know what you should be worrying about and what you can leave to the professionals. This is especially true if you are just emerging from bootcamp or a computer science degree. In my (nearly) 20 years as a web programmer, I've had the (somewhat dubious) privilege of witnessing (and sometimes committing) every security mistake you can imagine. Starting out as a coder nowadays is to join a security conversation that has been going on for decades, and even if you study up on web security, it's easy to feel there are gaps in your knowledge.

This book is my attempt to fulfill two goals:

  • Tell you everything about security it is essential for a web programmer to know.
  • Make every topic in the book useful for a web programmer to know.