Security for Web Developers
Using JavaScript, HTML, and CSS
Publisher: O'Reilly Media
Final Release Date: November 2015
Pages: 384

As a web developer, you may not want to spend time making your web app secure, but it definitely comes with the territory. This practical guide provides you with the latest information on how to thwart security threats at several levels, including new areas such as microservices. You’ll learn how to help protect your app no matter where it runs, from the latest smartphone to an older desktop, and everything in between.

Author John Paul Mueller delivers specific advice as well as several security programming examples for developers with a good knowledge of CSS3, HTML5, and JavaScript. In five separate sections, this book shows you how to protect against viruses, DDoS attacks, security breaches, and other nasty intrusions.

  • Create a security plan for your organization that takes the latest devices and user needs into account
  • Develop secure interfaces, and safely incorporate third-party code from libraries, APIs, and microservices
  • Use sandboxing techniques, in-house and third-party testing techniques, and learn to think like a hacker
  • Implement a maintenance cycle by determining when and how to update your application software
  • Learn techniques for efficiently tracking security threats as well as training requirements that your organization can use
Table of Contents
Product Details
About the Author
Recommended for You
Customer Reviews


by PowerReviews
oreillySecurity for Web Developers

(based on 1 review)

Ratings Distribution

  • 5 Stars



  • 4 Stars



  • 3 Stars



  • 2 Stars



  • 1 Stars



Reviewed by 1 customer

Displaying review 1

Back to top

(5 of 5 customers found this review helpful)


Not a how-to book

By Rich

from MI

About Me Sys Admin

Verified Reviewer


  • Well-written


  • Not For Beginners

Best Uses

  • Expert

Comments about oreilly Security for Web Developers:

I was expecting more of a "how-to". Much of the book is devoted to "why-to", mentions methodology and best practices at a high level, but leaves implementation as more of a homework exercise.

It looks well thought out and will probably be of use to experienced developers looking to make web security part of their discipline and to security professionals trying to develop policies and practices for their organizations.

For someone like me who wants to learn *how* to do it and incorporate some basic security into a web application like authentication methods, I'm still stuck trying to find it myself. There are no code examples. About the only takeaways I get is "Use HTTPS" and "validate inputs", which I already knew. Some links are provided as reference, but the book is still throwing you into the deep end of the pool. If I'm being sent off to do my homework, then the book needs a lot more links to quality sources.

I'm giving the book 4 Stars because it's written well and is well organized and I don't want to skew the rating negatively because the book simply isn't written for me and I am not the target audience. I'm writing the review to warn potential buyers that this isn't a beginners' guide to web security. I'm a little disappointed in what I got for the price, even on discount, and wish it had been clearer what I was getting before I bought it. When the subtitle says "Using JavaScript, HTML, and CSS", it suggests that there are examples to follow and *use*. The section on specific security issues with JS, HTML, and CSS is actually rather short if somewhat informative. Specific examples of common implementation problems would have been appreciated, but possibly out of scope for what the author was trying to do.

Displaying review 1

Back to top

Buy 2 Get 1 Free Free Shipping Guarantee
Buying Options
Immediate Access - Go Digital what's this?
Ebook:  $42.99
Formats:  DAISY, ePub, Mobi, PDF
Print & Ebook:  $54.99
Print:  $49.99