Securing Ajax Applications: Ensuring the Safety of the Dynamic...

Features

• Cover Type: Paperback with 250 pages
• Published by: O'Reilly Media, Inc. July 11, 2007
• Written in: English
• ISBN 10 Number: 0596529317
• ISBN 13 Number: 978-0596529314
• Book Dimensions: 9.1 x 7 x 0.7 inches
• Weighs: 14.4 ounces

Product Description
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.

Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also gives invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and looks at vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money.

Topics include:

• An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
• Web security basics, including common vulnerabilities, common cures, state management and session management
• How to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash and Flex
• How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
• Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
• How to secure web services, build secure APIs, and make open mashups secure

Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.



About The Author
Christopher Wells has deployed security solutions for major healthcare, telecommunication, and financial industries, and is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with over ten years of application security experience. Christopher holds multiple security certifications including a Certified Information Security Systems Professional (CISSP), and holds a Bachelor degree from the University of Minnesota.

Reader Reviews
If you are looking for a superficial review of 50 different topics indirectly related to web application security, this is the book for you. "Securing Ajax Applications" is just all over the place. The topics covered are only tangentially related to AJAX. If you are a programmer looking for ways to harden XHR, you are out of luck. For example: The section on "Protecting the Server" owes much of its 30-page length to 1) a tutorial on installing the Ubuntu distribution of Linux, 2) an overview of syslog and its configuration file, and 3) setting up iptables. Yes, that's right, a tutorial on installing Linux in a book on AJAX security. There are even screenshots (plural). I am not kidding: go check out the publisher's web site, this chapter is the sample chapter. While you are there, check out the table of contents and ask yourself if the high-level topic intros presented in those sections will likely make you a programmer of more secure AJAX applications. I am not exaggerating when I say that it is as if the author amassed a collection of FAQs and blog articles related to general topics in Internet security, and O'Reilly decided that if they bound them together in book form and put "AJAX" in the title, they could sell it for $49.95. The book could have just as easily been published by Sitepoint with a title like "The Web Site Security Anthology, 50 Things You Need To Know", at 60% of the price. For $20 cheaper, "Essential PHP Security" (O'Reilly) is better spent money and will actually teach you something useful (even if you are not a PHP developer). Comment | | (Report this)