by lucb1e
1958 days ago
Without knowing the book, I think that not that much has changed. There's something new every day, but just as keeping up with that is a regular task, so would be transitioning from the state presented in any book or tutorial to the practical application you are facing today. Everyone does stuff slightly differently, and by and large the attacks haven't really changed. Memory corruption and cross-site scripting have both been around for decades and are still vulnerabilities you'll find daily in today's work. The only bugs that have actually gotten a lot better are SQL injection and password storage (not guidelines), the former with parameterized queries and the latter with hashing (even if it's frequently still plain SHA-1). But the principle still applies: just last week the customer put text into a JSON string ('''<script>data=JSON.parse("<?php echo $data;?>");</script>''') which is basically identical to an SQL injection but with a different language (i.e. JavaScript). If you learned about SQLi a decade ago, that knowledge still works today.
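
The template pattern quoted in the comment above, next to a context-aware encoding, as an added example that is not part of the original comment. The function names and the sample values are constructed for illustration, and the server-side template is simulated in JavaScript rather than PHP.

```javascript
// Simulates: <script>data=JSON.parse("<?php echo $data;?>");</script>
// Vulnerable: the value is pasted into the JS string literal unencoded,
// the same mistake as concatenating input into an SQL statement.
function renderNaive(data) {
  return '<script>data=JSON.parse("' + data + '");</script>';
}

// Hardened: serialize as a JSON literal, then escape the characters the
// HTML parser (and older JS engines) treat specially inside <script>.
const ESCAPES = { '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
                  '\u2028': '\\u2028', '\u2029': '\\u2029' };
function toScriptSafeJson(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, c => ESCAPES[c]);
}
function renderSafe(value) {
  return '<script>data=' + toScriptSafeJson(value) + ';</script>';
}

// Script body as the HTML parser sees it: everything up to the first
// "</script", wherever that sequence appears.
function scriptBody(html) {
  const rest = html.slice(html.indexOf('<script>') + '<script>'.length);
  return rest.slice(0, rest.search(/<\/script/i));
}

// True when the body is exactly prefix + ONE double-quoted string literal
// + suffix, i.e. the value stayed data and did not become code or markup.
function payloadStaysData(body, prefix, suffix) {
  if (!body.startsWith(prefix) || !body.endsWith(suffix)) return false;
  const lit = body.slice(prefix.length, body.length - suffix.length);
  return /^"(?:[^"\\\n]|\\.)*"$/.test(lit);
}

// Constructed sample values: one closes the string, one closes the tag.
const SAMPLES = ['a"); injected(); ("', '</script><p>'];

function checkAll() {
  return SAMPLES.map(s => ({
    naive: payloadStaysData(scriptBody(renderNaive(s)), 'data=JSON.parse(', ');'),
    safe: payloadStaysData(scriptBody(renderSafe(s)), 'data=', ';'),
    roundTrip: JSON.parse(toScriptSafeJson(s)) === s,
  }));
}
```

The same structural check makes a usable regression test for any template that writes server data into a script block.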