Computing Internet Books

I would recommend this book to anybody that is about to take 70-270. I would say a word of caution though about this book. It is truly intended to be a suppliment to actual training from either a interactive self-paced class like Test Out or Prep Logic. If you try to pass the 70-270 with this book alone you may run in to difficulty. Also, I would recommend exam insurance from Microsoft if your testing center allows it.

This book helped me to pass the 70-270 test. It had some information that I did not see anywhere else. I have used cram exam books before and I love the series. I would recommend this book and others for anybody studying to pass any tests. Awesome book!

Overall, I find this particular book useful in combing through a lot of intricate details of the Windows XP operating system. Though given that, I don't think this resource alone will help you adequately prepare for the exam, which is something the authors themselves note. This book I feel tries to strike a middle ground, but fails in a few regards:

(1) As many topics like IPP printing is inadequately covered, readers will not be able to install and configure, IPP for example, with the scant coverage.

(2) There is over emphasis on tools like that are not apart of Windows XP, like USMT and RIS. I have never come across such questions in the exam.

(3) Material is not aligned with the actual Microsoft study material, and as such important topics are inadequately covered, omitted, or over covered.

The bottom line is that you might be spending more energy studying unnecessary material, while at the same time, not studying key concepts and topics needed to pass the exam. One definitely needs additional material to study and pass the exam, but still despite my grief this book did actually help me, and rigorous relentless study combined with actually tinkering with Windows XP on material related to the book, did help me pass the exam. I am now a Microsoft Certified Professional.

Having passed my MCSE NT 4 exams using the Exam Cram guides, I knew that getting my 2003 MCSE would be no different. This is the first exam I have taken for my 2003 MCSE and I'm glad I picked up this book. It totally prepared me for the exam with the exception of an exam simualtion. I would say, however, that this book gave me 80-90% of what I needed to pass the exam. To sum it up, I will be going to the bookstore tomorrow to buy more Exam Cram books to finish out my quest to get my 2003 MCSE.

This book provides a real good start with less than 500 pages. But you will never pass the test just from the material in this book. Taking the advice of others before me, I obtained all the info I needed from this book, plus the Windows XP resource kit (available free online or in paperback) and "Changes to Functionality in Microsoft Windows XP Service Pack 2" (Also an online microsoft resource).

This book provides step-by-step procedures needed to effectively manage and conduct a pentest. Consultants, security team managers/members, IT managers/personnel and business program and service managers/personnel should read this book before planning a pentest on IT systems within their environments.

This book is easy to reference and provides fresh insight to pentesting at the user, host, network, system and application layer. It demistifies the what, why and how of pentesting in a clear, concise and repeatable manner.

Get your laptop out, have your case of Jolt ready and put on your tin foil hat, you are in for one heck of a read. A must have. When done, keep on shelf within arm's reach.

[...]

Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)
ISBN: 1587052083, Paperback: 624 pages, Publisher: Cisco Press (October 31, 2005)
Cisco is the leading of networking technology of the 20 and 21 century, and understand that security is no one time mission but require network design, testing etc. to build a secure environment. As part of Cisco Press release on security topics, I found a nice book:
Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)
That's introduce an interesting method to guide how to build a secure environment and protect
Networks by using Cisco and third party tools (Most of them from the open source filed).
Authors background:
Andrew Whitaker, CCSP(tm), is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies.
Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.
Readers Pre-Requirements:
Although I couldn't found pre-requirements for the book readers, I can recommended using this book to readers that answer to the following pre-requirements:
1. Have basic knowledgebase in Linux/Unix administrations.
2. Have good knowledgebase in TCP/IP Networking design and implementations
(Recommended to have at least CCNA and CCDA Certifications)
3. Have at least two years of experience in SMB-Enterprise infrastructure administrations.
Book Structure:
The book build as 16 self study chapters that's cover most of the information that's ethical hacker (or beginner penetration tester) needs.
The book begin with a nice introduction on the reasons that companies should use penetration testing and divided this reasons to major stages that's parallel to known security models (Like: C.I.A. :Confidentiality, Integrity, Availability).
The next chapters review the requirements to penetration testing and legal issues with penetration testing.
Chapter 2 - Legal and Ethics Considerations - Should cover more information from my point of view and add a warning message to people that work as penetration testers that need legal support from the law team from the test company and the target test company should be used.
Most of the companies and the management (Usually in states outside the United States) don't understand the consequence of this tests and don't know what to do with the test results.
Also, due the privacy invasion and the current laws against privacy invasion - this topic is very important to understand and to know how to handle.
Add this information to this book can help to complete the missing information in Chapter 2.
The next chapters cover most of the public known attack technique and give a real life scansions and solutions for attacks.
My conclusion is: The book is recommended to each IT staff and beginner penetration tester.

Best Regards,

Yuval Sinay

This is my first ethical hacker book, it is very exciting!!. Covers almost every aspect of penetration testing in good length. Explains many types of scans a penetration tester can and can't perform, gives specific reason why you should choose to perform those different types of scan, which ones you should use to keep from being detected.
It gives an easy to understand explanation of types of attacks, how to performed, tools needed, and how to protect/detect from such attacks. It also discusses the difficulty of detecting certain of attacks.
It also has an entire chapter regarding the legal considerations and implication of penetration testing. And the great thing about this book is that even though it is cisco book, it covers many divices and operatings system.

This book is an excellent resource for anyone considering investing in an ethical hack or penetration test. It would also be a good read for anyone on a security team in an organization that is getting ready to undergo penetration testing. It is clearly laid out and well edited.

I don't believe that you can learn to become a penetration tester from the book, most of the tools are a bit older, I think the technical development must end in 2004 and the authors skip some steps from time to time especially in the NOTE sections.

My least favorite chapter was 2, Legal and Ethical Considerations, in my view, one to three pages per regulation is not just superficial, but potentially dangerous. The social engineering chapter is better than most similar attempts. I enjoyed Chapter 7, Web Server Attacks and intend to read that one again. I was really enjoying Chapter 11 Wireless, until I hit page 361, this is an example of what I mean by skipping a step or two! It is all do this, do that, with nary a clue on how. One of the ultimate tests for a security book is how well the book can explain buffer overflows. Many times, it is fairly clear the authors themselves don't know what a buffer overflow is and they mumble something about Smashing the Stack and I close the book on the spot. I have little doubt that Whitaker and Newman know what a buffer overflow is, but I doubt any reader of the book will learn it from the book. Please do not get me wrong, this is a good book, a very good book, but that is a hard concept to really teach. I am sure this will go to second edition and I hope that can be an area of focus.

I like the list of tools in the back of the book. In my view the section on choosing a penetration testing vendor is worth the price of the book. I really wish I had read something like that years ago, I could have saved money and heartache.

Penetration testing is becoming a hot topic again, but the available books on the subject continue to underwhelm. Penetration Testing and Network Defense (PTAND), published in the fall of 2005, would be a four star book if it had been published two years earlier. Stephen Northcutt, unlike all other reviewers, noticed this fact as well. When you combine this problem with PTAND with several other deficiencies, the result is a book you can unfortunately skip.

I usually try to avoid reading and reviewing books that I expect not to like. However, PTAND looked promising. I have several excellent Cisco Press books, like Cisco Router Firewall Security. A major problem with PTAND is that it is largely out of date. For example, Ch 12 discusses malware, but uses B02K, SubSeven, the Melissa virus, and Brown Orifice as examples. In Ch 6, session hijacking is done with Hunt and Juggernaut, but ignores Ettercap, Cain and Abel, and Yersinia. (I found it funny that p 131 of this Cisco Press book describes Juggernaut's author as "someone with the handle of 'route'", but doesn't say that 'route' is Mike Schiffman, Cisco employee since April 2003.)

In addition to outdated or missing tools (THC's Amap and Hydra are also neglected), PTAND fails to mention problems with many of its techniques. In Ch 5, the authors never hint that servers susceptible to DNS zone transfers are not as plentiful as they were in 1998. A discussion of Visual Route doesn't explain that information reported by the tool may have nothing to do with the physical location of a system. Ch 10's description of ACK tunnels ignores that stateful firewalls have been denying such covert channels for years.

PTAND also misses some technical and conceptual details. The definitions of "threat" in Ch 1 are really describing attacks or risks. On p 98, the authors should say that closed ports reply with RST ACK, not just RST. I don't think the authors understand idle scanning (pp 102-3), and their examples of fingerprinting on p 106 are taken directly from Fyodor's 1998 paper (without credit)! On p 351 PTAND propagates the myth that SSIDs "are like shared passwords," and poorly claims that broadcasting SSIDs is a "mistake".

I liked many of the case studies in this book, but several had problems. In Ch 14, the authors should have just used Metasploit instead of using shell code from Metasploit to perpetrate their case study. Their case study in Ch 10 uses Macof to overflow a switch CAM table (pp 343-4), but on p 129 the authors previously stated they found such techniques unreliable. Ch 10 fails to mention that CDP is not a routable protocol, so it cannot be used remotely. Ch 10 also calls IDS' "intruder detection systems".

On the typo side, replace 1996 on p 25 with 1986, and remember that FTP data does not use port 21 TCP. With active FTP, source port 20 is used. With passive FTP, nothing can be said a priori about the ports that might be used.

If you are an absolute pen testing beginner, you may find this book valuable. I don't see any advantage to reading this book when texts like Hacking Exposed are available. (If you think my Foundstone history makes me biased about the HE books, check out my earlier reviews of that series.) I did like the use of case studies in each chapter, and the explanations of how to mostly use Cisco IDS to detect certain classes of attack. The defensive recommendations were also decent.

Those looking for solid pen testing recommendations might find Pete Herzog's free Open Source Security Testing Methodology Manual to be valuable.

The Web Warrior series is an excellent set of self-learning books, or (as I use them) for online courses. However, this book is just not up to snuff. Topics are mismanaged, scattered throughout chapters that have little to do with the subjects. After Chapter 3, where you learn some Javascript, comes a twenty page section on how to use the debugger- in Chapter 4. Gee, thanks. Also in Chapter 4 is writing cookies and opening new windows.
The review questions and assignments at chapter's end are similarly disorganized. Chapter 3, Hands-On Assignment 1 requires that you return a value from a dropdown menu. After frustrating hours I discovered that you can't guarantee a returned value if you don't preselect an option. This is explained for the first time in Chapter 4. Wonderful. My homework is hell, requiring me to predict what will come in a later chapter. The questions are often vague at best, for example asking what value you can expect an error checking script to return, and neglecting to inform poor reader whether the input is in error. (pg 251, question 2)
In all, I'd have to say that this book, while packed with information and with excellent practice exercises, suffers from a terminal lack of organization. I have to wonder whether it was rushed to market without proper editing. There are better books out there; there must be.

I thought the book was excellent. The step-by-step instructions were clear and, more importantly, worked as stated in the book. More experienced people may find this book too elementary, however, it is good for someone fairly new to VB.NET and database access, and to the concept of client/server Web environments.

If you do all of the tutorial exercises throughout a chapter, the "Hands-On" Projects at the end of the chapter are really no-brainers. They really are just a reiteration of the tutorials. I would have wanted them to have something a little more challenging.

Pay close attention to the operating system, and other software and system requirements at the start of the book. You need particular versions of operating systems on your PC, in order for Visual Studios.NET to work with Microsoft's Internet Information Services (IIS). The Visual Studios.NET CD at the back of the book has only a 60-day trial version. It pays to take this course via a local college, so you can get operating system upgrade and non-expiring versions of Visual Studios.NET at student prices.

This is an excellent book. I'm in the middle of a web enabled database project at work and this book is a godsend. Especially for me because I am new to ASP.NET and VB.NET. This book is geared for someone with no web-programming experience. But if you study this book you WILL be able to set up your machine as a web-server and you WILL have the capability of creating dynamic, data-driven web-sites. It could've covered Web-Services or XML more but I don't care. Its concise and very well organized. Unlike this revew :) The CD has a lot of good material on it too. (Note that the code in this book is all VB.NET, which may scare C# people away, but it shouldn't) Five stars for this one.

This is a great book for the beginner but too simple for the advanced. Makes a good reference to thumb thru.

A lot of examples shows how absolutely everything could be attacked and corrupted in the chain of components used for building ajax applications, from css (yes even css) to html, from javascript to http, from browser to server ... Sometimes there's too much lines about evident things and sometimes things seems more proof of concept than real possible attacks. But these guys know what they are talking about. This is an excellent book that every serious ajax developer must have read, specially if they plan to make mashups or let their users bring and share things using their applications.

Ajax Security was the last book I read and reviewed in 2007. However, it was the best book I read all year. The book is absolutely compelling and every security professional and Web developer should read it. It's really as simple as that.

I am not a Web developer. I was not very familiar with Ajax (beyond its buzzword status and a vague notion of functionality) when I started reading Ajax Security. I attended the authors' Black Hat 2007 talk and was thoroughly impressed and disturbed by the security implications they presented. I expected Ajax Security to be a good book, but one can never be sure if talented hackers and presenters can transfer their skills to the written word. Ajax Security gets the job done.

Despite being a traditional network security guy who prefers inspecting traffic to analyzing JavaScript, I had no problem understanding Ajax Security. The authors do a superb job leading the reader through the issues surrounding modern Web applications. They start by introducing a technology, which is critical for someone like me who doesn't deal with Web development issues. Next they describe how it is broken. They continue with defensive recommendations and summarize their findings in the conclusion. This is a perfect technical writing style that is too often lost on other authors.

Ajax Security makes very good use of case studies (both large stories like ch 2 and small ones throughout the text). The book also integrates code, diagrams, and screen shots. The text itself is very clear and the authors keep the reader's attention throughout. Histories for various technologies provide a welcome background, showing readers how we've ended up in our current Web 2.0 predicament.

If you'd like a positive critique of the technical components of the book by someone who is a Web expert, I recommend reading Dre's review of Ajax Security in the TSSCI-Security blog. Otherwise, I give my highest recommendation to Ajax Security, as my Best Book Bejtlich Read in 2007 award.

This is very good book. I've created so many websites using AJAX techonlogy. This book provided me to check how secure the websites are. I am glad that I fullfilled all the details without having the through knowledge of AJAX security. But this book has collected all the security check point at one place.

Are you a web developer? Do you believe you can ensure that your client-side code will function as expected? Well, you are wrong. In Ajax Security you will find out why.

Ajax changes the game in that it moves business logic to the client. In doing so it increases the attack surface of the application. The authors get curious with some real world Ajax frameworks such as Prototype, Dojo, and Microsoft Ajax. They demonstrate with these frameworks how developers might be unknowingly building vulnerabilities into their applications. If you're home brewing Ajax, the authors cover important security considerations you'll need to know so that you don't make the same mistakes the industry leaders have made.

I learned a lot about JavaScript from reading this book. I learned even more about how JavaScript can be used maliciously. The authors describe techniques for function clobbering, JSON hijacking, storage attacks, and presentation layer attacks. One of my favorite parts of the book, not to mention one of the scariest, is an explanation of how to hide malicious JavaScript from signature based anti-virus software.

The authors explain why the Same-Origin Policy is broken and how it can be subverted. Also covered are security considerations for offline applications. An in-depth analysis of Ajax worms is covered. If you are curious about how Ajax is changing web security you should read this book. If your are a web developer or a security professional you should read this book, even if you aren't using Ajax. If you don't believe cross-site scripting is a "big deal", I dare you to read this book and maintain the same opinion.

Anyone involved in developing/testing AJAX should read "AJAX Security." It covers preventing a hacker from attaching your application. The audience includes developers, QA and penetration testers. While there are code snippets, they are explained well. While managers aren't in the target audience, I think they could benefit from understanding the concepts presented in the book.

The book begins with a brief review of AJAX architecture with an emphasis on security. The writing style is quite engaging including a chapter walking you through an attack from a hacker's point of view. All the major known categories of attacks are included including resource enumeration, parameter manipulation (with SQL and XPATH injection), session hijacking, JSON hijacking, XSS, CSRF, phishing, denial of service, etc.

I particularly liked the analogies to things that happen in the physical world such as resource injection into a roommate's "to do" list and hijacking another customer's paid order in the deli. These made it easy to visualize the problem even for people who don't code often.

The authors were realistic and included the limitations and drawbacks of each tool/framework mentioned. I liked the chapter analyzing two major JavaScript worms including the source code. This really hit home on the importance of certain practices!

All information was up to date as of printing including comments on all four major browsers (IE, Firefox, Opera and Safari.) They even mentioned the HTML 5 specification. The book is not server side language specific, which was nice.

First the good:
It is an _excellent_ tutorial on modern xHTML for those that have used HTML from its tag-soup beginnings. He methodically gives examples on why we, as web programmers, need to utilize a particular technology (CSS, Accessibility, etc). For example, he doesn't just say "Use CSS" because its the new way of doing things. He gives no-nonsense specific examples in bandwidth savings, alternate devices, etc.

His writing style is easy to read for computer geeks: a signature trait of any Martin Fowler signature series book.

He also provides a series of regular expressions that you can use to search through your HTML code to find problem areas and does a good introduction to the program "tidy". Since I am definitely _NOT_ a Regex geek, these are highly appreciated.

And finally, he shows usage of some xHTML tags and attributes of which I was not aware: such as proper usage of and tags.

Onto the downsides:
Originally I purchased this book thinking that I would be able to use it to get some tools under my belt to better transform the lousy auto-generated HTML that most graphics tools export and update them to decent, modern xHTML. However, the author is definitely NOT a "graphics design guy." And because of that, I know that several of the solutions he provided in his CSS sections would NOT fly with the designers where I work.

If I had seen his website, I probably would have realized that he was an XML expert instead of a design expert and wouldn't have gotten my hopes up. So far, I've found that websites like "A list apart" are much better for working with CSS-based design.

So for those looking to refactor your HTML code from ancient "Tag Soup" to modern sleek xHTML, this is a great book. If you're looking for how to best refactor from table-designs to table-less while maintaining a similar Look and Feel that you've been given by your designers, I find this book highly lacking.

Despite years of progress by web standards advocates, and a significant improvement in the quality of the HTML on the web, many of us still end up grappling with outmoded, broken HTML on a regular basis. When confronted with a large site filled with broken pages it can be hard to know where to start. Elliotte Rusty Harold's Refactoring HTML offers a step by step recipe book for migrating such sites to clean, semantic code.

Harold's is a well known name in the XML world, and that background shows through in how he approaches the book. While a general audience will probably find useful content, the reader needs to be prepared for a series of command-line and Java-based examples. Tools like tidy are featured prominently, as is the use of regular expressions to seek out broken code to fix and, in the music-to-my-ears category, automated testing.

If you're equipped to do so, following these steps will lead to much cleaner, more manageable sites, but I found myself wondering how many of those comfortable with command line tools and regular expressions are in the market for a book like this.

In general I suspect the key audience for this will be IT departments inside large organisations tasked with refreshing or extending an intranet. For those developers, who maybe don't spend much of their time working with HTML and like the idea of using scripting tools similar to those in their regular workflow, this book's worth a look. If you're already familiar with current trends in web development, then there are probably other ways of picking up on the scattering of techniques that might be new to you.

Disclaimer: I was sent a copy of this book for review by the publisher.

The Web means mostly webpages written in HTML. The popularity of HTML is overwhelming. Yet it has well known problems. There is no intrinsic separation of semantic content from presentation details. And the tag syntax is very sloppy.

Harold explains in clear and strong terms why you should clean up your webpages. Mostly by using CSS and by making [and checking] that the pages are well formed and valid under XHTML. This is not a text on CSS, and if you are going to follow the precepts of the book, you will need another book, dedicated to CSS. The strength of Harold's message is in the clarity. He is trying to influence you in a top-down manner. To make these strategic decisions.

For example, by going with CSS, you simplify maintenance. Because files are factored into CSS files, which layout people can work on, and semantic content files, which can be the purview of others who are more involved with intrinsic information processing. The latter files also have the advantage that they can be used with different types of display devices and programs, and not just for the typical web browser. Think of cellphones, or devices for the blind.

The last aspect is another salient point he makes. Writing pages that are also accessible to the blind is not just good for that reason. It lets you focus not on what the page looks like, but on what it means. Why is this good? Because it improves the chance that search engines will look at and positively classify your semantic files. Search engines often deprecate presentation instructions and CSS files. They are also looking for files with high semantic content.

Also, by factoring using CSS files, the resultant set of files gets to be smaller, which reduces outgoing bandwidth from your web server. For large popular sites, this can be a cost saving.

While the writing of well formed and [better yet] XHTML-valid pages increases the chances that different browsers can accurately show the pages. The reason is that browsers have been written to pragmatically show HTML, where the tag structure is sloppy. To do this, a browser has to make certain display assumptions with a badly written file. The problem is that different browsers make different assumptions. And so some HTML files will not display well, or at all.

There are also other smaller level tips scattered thru the book. Like suppose you have an image that shows essentially only text. Replace the image with text. Less bandwidth is consumed. Plus search engines don't really do much with images. [Image analysis is very intensive and hard.] So giving them more meaningful text instead of images helps your page ranking. As a side note, some spammers do precisely the opposite. They have images which are mostly to display text. To evade a search engine or antispam software that keys off suspicious text.

In related wise, your image tag should always have an alt attribute describing the image. Helps the blind visitor. But mostly it helps a search engine classify the image.

There is one unintended ironic aspect of the book's last page. It talks about hiding your email address in the webpage from screen scraper bots run by spammers harvesting email addresses. One way is to use JavaScript to generate the address. The script is run by the visitor's browser as it displays the page. This is to evade spammers. The irony is that a spammer can use this very method, when sending spam email. Many antispam programs now use a blacklist, since spam often has links to the spammer's domain. But the programs usually [always?] check against static links in an email. The spammer can write JavaScript that dynamically makes links, to evade this. Sure, browsers that have JavaScript turned off will not show these links. But in fact, most users turn JavaScript on, because many websites use it. And the spammer might figure that the loss of links due to no JavaScript is greatly outweighed by being able to evade the now almost axiomatic use of blacklists by antispam programs.

Another example of how technology can be used for completely different and opposite purposes!

I have always been an advocate of the O'Reilly line of "...In a Nutshell" books but Sybex has tipped the scale. HTML Complete is a COMPLETE collection of markup that is easy to referrence when needed. The book is an easy (although long) read packed full of tips and tricks. Most importantly, the 1,000 page collection is under $20! Amazing.

This book is light weight and very portable in the briefcase. I take it everywhere I might need to deal with the web. Very user friendly with comprehensive index to find information. It covers practically all topics regarding excellent web technologies (including perl, unix and CGI and xml) with comprehensive definitions to make the not-so-technical individuals grab an instant understanding . Brilliant HTML and CSS reference for people who don't have much time to spend hours finding quick solutions for front end coding.

HTML Complete teaches the essentials that every Web Designer should know, both beginner and expert alike. For experts it serves as a great reference book.

Beginners will find themselves interested in HTML instantly. HTML Complete breaks passed the boundary of teaching programming through text. It comes off as more of a teacher than a text book - just like it should be.

Later on other topics such as Perl, ASP, Java, and much more are introduced after a significant portion of HTML is covered. While those topics are left in the dark, they do not hinder the overall feel of the book and the knowledge it shares.

I bought this book at a local bookstore and it's one of the best computer books I've purchased. It starts from the beginnings of HTML, covers CSS and everthing inbetween, and finishes with an introduction to advanced HTML. There are also numerous reference tables (color, tags) for the more experienced web designer.

This book is not bad, but by the author's own admission, much of what is being explained is deprecated. The book is quite good at telling you what NOT to use, but keeps referring the reader to Chapt 16 (CSS). Unfortunately the CSS chapter does not show all the correct ways to implement the deprecated features (use of justification - left, right, center - in tables, for example).

One nice feature in the book was the "Widely Supported" yes/no indicator for HTML syntax in the Appendix A.

I think the author should have spent more time on non-deprecated usage of HTML and CSS, instead of saying "Here's how to do this, but don't do it this way." This book is probably useful to someone who is trying to READ older HTML code, but is not so useful for someone trying to write new HTML code.

In summary, although it has useful information surrounding the use of HTML, this book should probably be re-titled to "HTML Deprecated", or "Reading Deprecated HTML Code", or alternatively needs a much-expanded section on use of CSS.

Painting the Web by Shelly Powers is not the type of book I would normally pick up. Having 14 years web design experience means that you tend to have absorbed something in the way of use of graphics on the web, from raster images, to Scalar Vector Graphics (SVG), which is what this book is all about.

Looking at this book from its title alone, I first thought, Painting the Web was a book on SVG. But I was wrong, well partly wrong.

Shelly, takes you through what makes up the graphics on the web now and into the future in a chatty friendly manner, however this book can be a touch dry when it comes to technical explanations.

Raster to Start, Plus a little SVG

It moves through image and colour theory onto a review of professional to budget applications both desktop and online. The book presents a no nonsense explanation of the software. It also supplies a few how to recipes on the building of raster graphics for the web.

A good third of the book is dedicated to the use of vector graphics on the web. Dealing with X3D, VRML (now that brings back memories), VML, SVG (noting it's restrictive browser implementation). I was expecting maybe a little discussion on desktop vector applications, but instead there is comprehensive introduction on SVG. It's not just a few pages folks, this goes from the simple to complex examples. There is also a good overview of the SVG tools and editors in the marketplace to round it off.

Web Design Basics

There is a small section looking at CSS. Now this is not meant to be a primer, it assumes you know your CSS, and I'll assume you do. The book looks at the more advanced elements of CSS 2, not bad if you're not using all the browser compliant elements already. It runs us through concepts such as pseudo-elements, specificity and styling microformats. Like with Raster graphics there are a number of CSS recipes as well.

For me this is where the book slips up a little; if we are uber CSS designers then we should know all the basics that she explains such as layered background, conditional statements, font unit resets, unordered list menus.

There is a section on the principles of good design, as well, detailing how to layout a good semantic web page, be that static or via a flexible layout grid.

One small point on the microformats front, a footnote reference to the microformats wiki would have been a nicety, it's not a biggie, something to consider for the 2nd edition. There is also no explanation what microformats are and how they are used. Slap on the wrist to the technical editor.

Lets Go Dynamic

Dynamic Web Page Graphics is also gets a look in. I was expecting a section on Silverlight, Flash, a little AIR and maybe a some Ajaxian animation. What the book presents is DHTML (shudder - does anyone still use that term anymore). This book steps through the DOM and the usual manipulation of the CSS styling moving onto lightbox and accordion functionality using the standard unobtrusive Javascript implementation. Again this is a quick visit into the ajaxian world.
Paint the Canvas

There is a interesting exploration into the realm of the canvas and it's extension into the use with SVG. This book explains the creation of simple objects and their comparison to SVG, to the use of canvas effects and transformations. The canvas element is one of those under used elements that I can see getting a greater use in the near future.

The section ends with an extensive bringing together of SVG and the canvas with a little Javascript and manipulation of the DOM. It is the use of this type of animation techniques demonstrated in the book, that make me really question the need for implementation of like functionality in traditional animation rendering platforms like Flash.

Overall

Overall it's not a bad book, like I said previously, not something I would pick up, but I'm a little jaded on the subject and looking for the edge. Still the sections on SVG and the canvas where informative.

These sections on SVG and canvas to some may seem to be worthless. Well I have the feeling that we are going to see a greater use of these to with the development of various dynamic canvas libraries as with have with Javascript. This book has just seeded the ground for this with a good primer in the subject. With the increasing compliance of browsers with SVG, it will not be long before this is another standard technique for front end developers..

However, the book could do with the gleam of a good technical editor, there are sections of the book that I was wincing over, not that they are technically wrong. It was just the sequence of the chapters and the information therein, a little too much on digital imagery and photographic aspects for my liking for instance.

This with some of the disjointed sections it tended to give me the impression that the book was all over the place not really knowing what it wanted to be, graphics, CSS, AJAX, SVG, Canvas or design overview; it does it all. A little streamlining and this could have been a better book.

That said if you want a good comprehensive overview on the graphical elements of the web, especially SVG at 600+ pages, Painting the Web, by Shelly Powers is a good place to start.

Side note

There is no way Shelly could have know about Javascript dynamo Dmitry Baranovskiy's awesome Raphaël JavaScript Library that provides cross browser support for browser generated vector graphics such as SVG. Considering the book was published in April 2008, I sure, if she had known this would have been included.

'Painting the Web' by many-time author Ms. Powers is a look at graphical design and layout of said data on the web. Focus is on how things should/can/will look on the internet, specific graphics tools and approaches and a detailed look at the SVG file format. SVG is a standard image format for displaying vector-based images instead of point based output like JPEGs and GIFs. SVG is an XML-type format that can be read in and edited in any text editor. The book is full color which I always appreciate and it written by a seasoned pro.

This is a nice companion book for any and all that do graphics programming on the web and is easy to recommend. Jam packed with 600+ pages of content this is a massive text that probably could have been reduced in size but what is there is a positive effort for sure.

**** RECOMMENDED

In spite of the huge number of graphics on the Web, the practice is surprisingly underserved in terms of the literature. Of course, there are design books, books on software, but these focus on best use of a product. The nuances and requirements for the Web are harder to find.

This book is a practitioner's book. And, it's a quite personal work. Written in a conversational style, it's easy to read. The author covers a wide range of tools which she uses on a regular basis. That includes a variety of less-familiar open source tools.

There is a great deal of HTML, CSS and JS code related specifically to graphic representation. It's really convenient to have this foundation in one place.

At first glance, one might be surprised at the detail given to techniques of Photoshop and other tools. But again, as a practitioner's book, it reflects the techniques useful for specifically Web design. It's handy to have these in one place for reference.

Because it is a rather personal work, there will be emphases that one might change. There is a significant amount of space spent on SVG -- which, although a standard, I think is problematic because of the lack of inherent support in IE and Adobe's discontinuation of the plug-in. In any case, weighing in at 638 pages, there's a lot of good information, regardless of one's personal opinion.

The focus is on traditional and standards-based HTML programming. The author does broach the canvas object -- a part of the HTML 5 standard which provides another route to animation on the desktop. However, IE8, at the time of the book's writing, didn't support this object. There is no coverage of Flash, and Silverlight is mentioned simply to identify another non-standard MS approach. Indeed, both Adobe and MS focus their energies on Flex/Flash/AIR and Silverlight technologies respectively to provide a richer Internet experience.

As fits a book on graphics, illustrations are in color. This adds a lot to the vitality of the read, and helps portray information in a useful way.

As the author notes, no one book can address the many issues related to web graphics. This book is of a different character than Weinman's Designing Web Graphics.4. Though in need of an update, that volume presents a more structured and a complementary perspective to the present.

In any case, it's a good addition to the Web designer's bookshelf.