You need this book if you are a programmer responsible for creating and maintaining online applications that involve secure data. And you need this book even if you are a programmer who is not responsible for creating and maintaining secure online applications, for security threats are not confined to collecting what should be private information. If you are not a programmer, but a project manager or even an end user, you may still gain valuable insight from the concepts and practices we describe here, for they certainly will (at least we hope they will) give you a new appreciation of the importance of building security into web transactions, and they might even help you notice threats to the security of your own transactions. While it is programmers who are responsible for building secure applications, it is end users who are responsible for using them in a secure way—or deciding not to use them at all in situations where the risk is too great.
