2008 by Rich Cannings and Himanshu Dwivedi and Zane Lackey
Some remarks after closing the book.
* I didn't know that Flash applications were that powerful and dangerous, and even more so when you use them together with DNS pinning.
* XSS just seems at the beginning of its road into the networks and the interactivity of websites. The possibilities seem endless.
* ActiveX needs to be secure or not allowed. Period.
The book gives a lot of code; it is nearly a manual for attackers. It also gives a lot of tips, but these seem a lot less ordered and structured. What I mean is a procedure of things you should have done and tested, a kind of checklist.
Another weakness of the book is that there is a lot of attention for the security firm of the writers and not too much for other initiatives, but I presume you also read other books, so this wouldn't influence you too much, would it?
I wouldn't read it as a first introduction, but if you have already read some stuff about hacking Web 2.0 applications, then this should be your next book. And if you aren't convinced yet that you need an application firewall and a more static website without Flash, ActiveX and the lot, then you throw this book at them.
I find it in fact a depressing book. Maybe we should send these books to all the hypers and investors of Web 2.0 to show them that the possibilities are unlimited... for hackers.