Publisher: O'Reilly Media Released: July 2007 Pages: 256
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.
Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also gives invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money.
Topics include: - An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
- Web security basics, including common vulnerabilities, common cures, state management and session management
- How to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash and Flex
- How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
- Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
- How to secure web services, build secure APIs, and make open mashups secure
Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web. |
-
Chapter 1 The Evolving Web -
The Rise of the Web -
Chapter 2 Web Security -
Security Basics -
Risk Analysis -
Common Web Application Vulnerabilities -
Chapter 3 Securing Web Technologies -
How Web Sites Communicate -
Browser Security -
Browser Plug-ins, Extensions, and Add-ons -
Chapter 4 Protecting the Server -
Network Security -
Host Security -
Web Server Hardening -
Application Server Hardening -
Chapter 5 A Weak Foundation -
HTTP Vulnerabilities -
The Threats -
JSON -
XML -
RSS -
Atom -
REST -
Chapter 6 Securing Web Services -
Web Services Overview -
Security and Web Services -
Web Service Security -
Chapter 7 Building Secure APIs -
Building Your Own APIs -
Preconditions -
Postconditions -
Invariants -
Security Concerns -
RESTful Web Services -
Chapter 8 Mashups -
Web Applications and Open Internet APIs -
Wild Web 2.0 -
Mashups and Security -
Open Versus Secure -
A Security Blanket -
Case Studies -
Colophon |
- Title:
- Securing Ajax Applications
- By:
- Christopher Wells
- Publisher:
- O'Reilly Media
- Formats:
-
- Print
- Ebook
- Safari Books Online
- Print:
- July 2007
- Ebook:
- February 2009
- Pages:
- 256
- Print ISBN:
- 978-0-596-52931-4
- | ISBN 10:
- 0-596-52931-7
- Ebook ISBN:
- 978-0-596-10274-6
- | ISBN 10:
- 0-596-10274-7
|
-
Christopher Wells Christopher Wells has deployed security solutions for major healthcare, telecommunication, and financial industries, and is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with over 10 years of application security experience. Christopher holds multiple security certifications including a Certified Information Security Systems Professional (CISSP), and holds a Bachelor degree from the University of Minnesota. View Christopher Wells's full profile page. |
Colophon About the AuthorChristopher Wells has deployed security solutions in the health care, telecommunication, and financial industries, and he is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with more than 10 years of application security experience. Christopher holds multiple security certifications including a Certified Information Security Systems Professional (CISSP), and he holds a bachelor's degree from the University of Minnesota.ColophonThe animal on the cover of Securing Ajax Applications is a spotted hyena (Crocuta crocuta). This is also sometimes known as the laughing hyena, due to its distinctive rallying call, which is said to sound similar to a human's laughter. This animal is native to Africa. It lives in a group, or "clan," of about 30 40 hyenas. The hyena is unique to carnivores in that the female is dominant over the male.In addition to having spots, this hyena's fur is varying shades of light brown. Its snout is dark, as is the tip of its tail. I's body slopes downward from the head, and its front legs are longer than the back legs. It has a large, extremely powerful jaw, which it uses as its foremost weapon when hunting prey.The hyena has a reputation as a scavenger, but this is actually incorrect. Although it does steal food from other animals, it is also a skilled hunter, able to target and kill even large animals such as zebras. There is no love lost between lions and hyenas, as they seem to have an inborn hatred of each other. Lions have been known to kill hyenas for sport, while hyenas prey on smaller lion adults and cubs.The cover image is from Wood's Illustrated Natural History. The cover font is Adobe ITC Garamond. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. |
|
Description
|
Table of Contents
|
Product Details
|
About the Author
|
Colophon
|
 |
|
|
|
|
|
Recommended for You
|
Recently Viewed
|
|
|
By Rich Bowen
February 2007
By Chris Angus
November 2006
By Jason Cole, Helen Foster
November 2007
Ebook: $31.99
Print & Ebook: $43.99
Print: $39.99
|
Customer Reviews
9/11/2010 (1 of 1 customers found this review helpful) 5.0Excellent Coverage of AJAX/Web Security By jdruin from KY About Me Developer, Educator - Accurate
- Easy to understand
- Well-written
- Expert
- Intermediate
- Novice
- Student
|
|
|
