Sergey Machulskis reviewed The tangled Web by Michal Zalewski
Review of 'The tangled Web' on 'Goodreads'
5 stars
Awesome book, a joy to read. It's dense, but written in a cheerful tone. The author knows a lot about web security. It's not bound to a narrow set of technologies, frameworks, OSes or browsers. It touches a little bit of everything. But that doesn't make it shallow. I wasn't aware of 90% of the information presented in this book. It has no cumbersome and useless terms security charlatans like. It's very practical and full of advice.
I felt slightly uncomfortable because it was written around 2011. Some facts are clearly outdated (Flash is dead in 2019), some "things to come" became a bedrock of the modern web (CORS). At the same time I was glad it mentions those outdated facts. It provides historical perspective so you can see why the web works like this. For example, it has an explanation of why "Download/Open" buttons have such a weird and annoying delay.