Excellent high-lvel book for anyone involved with software development and implementation. This book digs deep with enough details of security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The book also does well in terms of secure coding, white box and black box testing very well. Few things where this book falls short "Ignorant" to emerging application landscape and the coding complexities in a multi-platform and application integration environment - J2EE, .NET, XML Web Services and SOA. I am sure, the author will agree on those gaps hopefully we see in the next edition of this book. The book deserves 5 stars for the concepts + illustrations and 3 stars for those keen on development details for distributed applications.