WASEC, a book about Web Application Security, is now available for sale

I’m pleased to announce (even though you might have already heard about this on my Twitter stream) that the ebook on web application security I’ve been working on over the past year is now officially available for sale, at the hopefully-reasonable price of $6.99 $9.99.

You can now buy the book at leanpub.com/wasec, while Kindle enthusiasts will have to wait a few more days for it to become available there: it is currently available for pre-order and should be generally available in the next few days.

WASEC is the culmination of over a year of thoughts regarding my experience with web application security from the point of view of a software engineer, rather than that of a security researcher. I believe software engineers might find it extremely interesting as it approaches defensive security from the point of view of someone who has to build an app and needs to take security into consideration among other things.

If you’re unsure about purchasing the ebook you can take a look at some of its content that I previously shared on this blog. If reading lengthy blog posts isn’t your thing, you can also download the sample version from leanpub itself — it contains the first few complete chapters of the book.

What if I can’t afford the book?

Reach out to me privately, and we’ll sort something out. I will need to make sure you’re not trying to game the system, but I’d hate to see someone not being able to read the book simply because they can’t afford it — I will try to make an effort to reply to everyone who reaches out to me, and make sure financial conditions don’t get in the way of knowledge.

I wrote this book to share what my experience with web security has been and, frankly, I don’t think I’ll ever make back the money I spent on it (in terms of man-hours) — so there’s no point in being greedy :–)

Again, ping me and we’ll try to work something out.


Again, please make sure you visit WASEC’s book page on leanpub and, if you’re interested in the topic and have a few bucks to spare, buy the book. Leanpub has a 45-day “100% Happiness Guarantee”, which means there’s no risk in purchasing any Leanpub book, and they make it easy to get a refund if you’ve tried a book and want your money back within 45 days of your purchase. If you end up reading the book, feel free to reach out and let me know what your thoughts are.

In the next few days I’ll be publishing some more updates to the book (all future updates will be available for free for users who have purchased it) and releasing it on the Kindle store — hit me up if you have any questions.


Hi there! I recently wrote an ebook on web application security, currently sold on leanpub, the Amazon Kindle store and gumroad.

It contains 160+ pages of content dedicated to securing web applications and improving your security awareness when building web apps, with chapters ranging from explaining how to secure HTTP cookies with the right flags to understanding why it is important to consider joining a bug bounty program.

Feel free to skim through some of the free chapters published on this blog and, if the content seems interesting enough to you, grab a copy on leanpub, the Amazon Kindle store, gumroad or simply checkout right down below!

Buy the Web Application Security ebook for $9.99
