Everybody who reads this blog should be familiar with the computer security science. Computer security strongly depends from complexity, by meaning that much more complex is a system much high is the probability to have a vulnerability on it. Web applications, from simple HTTP requests to browser-side plugins, strongly interact with other applications making alive a very complex system. Each complex system comes with vulnerabilities. Due to the flexibility, adaptability and availability web applications make some of the most complex system available on the digital era, and for this specific reason are one of the most bugged systems.
Michal Zalewski is one of the most talented browser security expert. He wrote many books but today I am going to suggest his last book titled : "The Tagled Web A Guide to Securing Modern Web Applications", published by No Starch Press.
Definitely Michal Zalewski wrote one of the most interesting book on the topic, it does not describe techniques to attack or how to defense applications by giving advices or simple examples, it really goes deep on the core problem analyzing almost all the Web technologies. He underlines weakness and why web browsers are fundamentally insecure pointing it out during his very deep working analysis. The reader will learn how things really works and why there will always be vulnerabilities in such a models.
A very interesting tool offered by the author is the "Security Engineering Cheat Sheet" available at the end of every chapter, it offers a quick way to sum up what the reader has learned so far. It's very useful even for a posteriori reading or for a quick search on contents.
Definitely a "must have" in any computer security engineer library.