Innocent Code

* This concise and practical book shows where code vulnerabilities lie--without delving into the specifics of each system architecture, programming or scripting language, or application--and how best to fix them * Based on real--world situations taken from the authora s experiences of tracking coding mistakes at major financial institutions * Covers SQL injection attacks, cross--site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code * Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code