If your web site contains anything other than static web pages, then this book is a must-have guide to reducing the possibility of there being security holes in the code you are using. If you are working with Web 2.0, then this is an essential book for your collection.
This book has one very clear and practical focus - how to test web applications. It maintains that focus throughout, giving practical information at every step along the way. A number of different aspects of security testing are covered, including observation, data encoding, input tampering, bulk scanning, automation, design flaws, Ajax, manipulating sessions and multifaceted testing.
The early part of the book covers where to get free testing tools and how to install them, and it is those tools that the latter part of the book then shows you how to use to perform all the different security tests. The book not only covers many of the obvious and not-so-obvious means by which the security of a web application can be compromised, it also shows you exactly how to test your own code by attempting to compromise its security.
Some of the tools covered in this book can be very dangerous if used in the wrong way or by the wrong person, but the extremely clear step-by-step instructions on what to do and what not to do with them should allow the careful reader to use them safely to test the security of their own web applications.