Securing Ajax Applications
by Wells, ChristopherFormat: Paperback
Pub. Date: 2007-07-11
Publisher(s): Oreilly & Associates Inc
Other versions by this Author
List Price: $53.49
Rent Book
Select for Price
Digital
$47.99
New Book
We're Sorry
Sold Out
Used Book
We're Sorry
Sold Out
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur. Securing Ajax Applications succinctly explains that the same back-and- forth communications that make Ajax so responsive also gives invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies - vital information that will ultimately save you time and money.
Author Biography
Christopher Wells has deployed security solutions for major healthcare, telecommunication, and financial industries, and is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with over 10 years of application security experience. Christopher holds multiple security certifications including a Certified Information Security Systems Professional (CISSP), and holds a Bachelor degree from the University of Minnesota.
Table of Contents
| Preface | p. ix |
| The Evolving Web | p. 1 |
| The Rise of the Web | p. 2 |
| Web Security | p. 29 |
| Security Basics | p. 29 |
| Risk Analysis | p. 37 |
| Common Web Application Vulnerabilities | p. 40 |
| Securing Web Technologies | p. 56 |
| How Web Sites Communicate | p. 56 |
| Browser Security | p. 61 |
| Browser Plug-ins, Extensions, and Add-ons | p. 76 |
| Protecting the Server | p. 99 |
| Network Security | p. 100 |
| Host Security | p. 103 |
| Web Server Hardening | p. 121 |
| Application Server Hardening | p. 128 |
| A Weak Foundation | p. 130 |
| HTTP Vulnerabilities | p. 131 |
| The Threats | p. 136 |
| JSON | p. 143 |
| XML | p. 146 |
| RSS | p. 148 |
| Atom | p. 149 |
| REST | p. 152 |
| Securing Web Services | p. 155 |
| Web Services Overview | p. 156 |
| Security and Web Services | p. 167 |
| Web Service Security | p. 172 |
| Building Secure APIs | p. 174 |
| Building Your Own APIs | p. 174 |
| Preconditions | p. 179 |
| Postconditions | p. 180 |
| Invariants | p. 180 |
| Security Concerns | p. 181 |
| RESTful Web Services | p. 183 |
| Mashups | p. 190 |
| Web Applications and Open Internet APIs | p. 191 |
| Wild Web 2.0 | p. 192 |
| Mashups and Security | p. 194 |
| Open Versus Secure | p. 198 |
| A Security Blanket | p. 199 |
| Case Studies | p. 201 |
| Index | p. 213 |
| Table of Contents provided by Ingram. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.