Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.
An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
Web security basics, including common vulnerabilities, common cures, state management and session management
How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
How to secure web services, build secure APIs, and make open mashups secure
Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.
Christopher Wells has deployed security solutions for major healthcare, telecommunication, and financial industries, and is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with over 10 years of application security experience. Christopher holds multiple security certifications including a Certified Information Security Systems Professional (CISSP), and holds a bachelor's degree from the University of Minnesota.
Colophon
The animal on the cover of Securing Ajax Applications is a spotted hyena (Crocuta crocuta). It is also sometimes known as the laughing hyena, due to its distinctive rallying call, which is said to sound similar to human laughter. This animal is native to Africa. It lives in a group, or "clan," of about 30 to 40 hyenas. The hyena is unique among carnivores in that the female is dominant over the male. In addition to having spots, this hyena's fur is varying shades of light brown. Its snout is dark, as is the tip of its tail. Its body slopes downward from the head, and its front legs are longer than the back legs. It has a large, extremely powerful jaw, which it uses as its foremost weapon when hunting prey. The hyena has a reputation as a scavenger, but this is actually incorrect. Although it does steal food from other animals, it is also a skilled hunter, able to target and kill even large animals such as zebras. There is no love lost between lions and hyenas, as they seem to have an inborn hatred of each other. Lions have been known to kill hyenas for sport, while hyenas prey on smaller adult lions and cubs. The cover image is from Wood's Illustrated Natural History. The cover font is Adobe ITC Garamond. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed.
Comments about O'Reilly's Securing Ajax Applications:
Based on the OWASP top ten guidelines, this book does a great job of covering the major issues surrounding the use of AJAX-type technologies in web applications.
Early in chapters 1-3, the author lays the foundation by explaining some of the history of the web and how we arrived at today. In the middle chapters, the author shows how to protect AJAX portions of web applications on the server and with various protocols (JSON, XML, etc.).
The advice is geared towards asynchronous (background) calls to web services, but the information could be applied to any web page whether AJAX is used or not.
This book is recommended for web developers of all types. The coverage of web security concepts such as separation of duties, least privilege, validation, authorization, authentication, and other topics is fundamental enough to help any developer build more secure applications.
Bottom line: Yes, I would recommend this to a friend.