I have just gotten around to read through Innocent Code by Sverre H. Huseby.
It was originally part of the curriculum of a security class I was taking this spring. But after reading the chapter required for class it got left behind. That was not because it is a bad book wich it is absolutely not.
The book review business is not something I am getting into, but I can gladly recommend this book to anyone involved in web security one way or another. It is a good read with many nice points and a good mix of practical and theoretical examples. So if I were in the review business I probably would give this book the high rating of 4 / 5. That is how good it is!
But dont trust me, check out the ratings on amazon: