Securing Ajax Applications: Ensuring the Safety of the Dynamic Web

List Price: $49.99
Our Price: $36.49
You Save: $13.50 (27%)
Shipping: This item ships for FREE with Super Saver Shipping.
SKU: 9780596529314_ln

In Stock
Usually ships in 1 business day

Note: Item may be sold and shipped by another company.
Description:

Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.

Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also give invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money.

Topics include:

  • An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
  • Web security basics, including common vulnerabilities, common cures, state management and session management
  • How to secure web technologies, such as Ajax, JavaScript, Java applets, ActiveX controls, plug-ins, Flash and Flex
  • How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
  • Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
  • How to secure web services, build secure APIs, and make open mashups secure

Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.

Product Details:
Author: Christopher Wells Exe
Paperback: 256 pages
Publisher: O'Reilly Media
Publication Date: July 18, 2007
Language: English
ISBN: 0596529317
Product Length: 9.16 inches
Product Width: 7.08 inches
Product Height: 0.64 inches
Product Weight: 0.88 pounds
Package Length: 9.1 inches
Package Width: 7.0 inches
Package Height: 0.7 inches
Package Weight: 0.9 pounds
Customer Reviews:
Average Customer Review: 2.5 (9 customer reviews)


Most Helpful Customer Reviews

17 of 18 found the following review helpful:

Jack of all trades, master of none (2 out of 5 stars, Aug 02, 2007)
By Evan R
If you are looking for a superficial review of 50 different topics indirectly related to web application security, this is the book for you.

"Securing Ajax Applications" is just all over the place. The topics covered are only tangentially related to AJAX. If you are a programmer looking for ways to harden XHR, you are out of luck.

For example:

The section on "Protecting the Server" owes much of its 30-page length to 1) a tutorial on installing the Ubuntu distribution of Linux, 2) an overview of syslog and its configuration file, and 3) setting up iptables. Yes, that's right, a tutorial on installing Linux in a book on AJAX security. There are even screenshots (plural). I am not kidding: go check out the publisher's web site, this chapter is the sample chapter. While you are there, check out the table of contents and ask yourself if the high-level topic intros presented in those sections will likely make you a programmer of more secure AJAX applications.

I am not exaggerating when I say that it is as if the author amassed a collection of FAQs and blog articles related to general topics in Internet security, and O'Reilly decided that if they bound them together in book form and put "AJAX" in the title, they could sell it for $49.95.

The book could have just as easily been published by Sitepoint with a title like "The Web Site Security Anthology, 50 Things You Need To Know", at 60% of the price.

For $20 cheaper, "Essential PHP Security" (O'Reilly) is better spent money and will actually teach you something useful (even if you are not a PHP developer).


12 of 13 found the following review helpful:

Useless (1 out of 5 stars, Aug 14, 2007)
By Dean H. Saxe
If I wanted a generic web application security book, this might have fit the bill. Barely. The book spends precious little space discussing security with Ajax applications.

I have never been so disappointed with an O'Reilly book with respect to the quality and quantity of information presented.

5 of 5 found the following review helpful:

The title should be "An Introduction To Web Security" (3 out of 5 stars, Feb 12, 2008)
By Rodrigo Costa
In its 211 pages, Christopher Wells has written a good book with one bad feature: it barely speaks about the title theme. In my opinion, this book is a good guide to start your studies of web security. Its chapters cover issues like web-server security, secure ways to develop your applications, many demonstrations of threat exploits and how to protect your application from them.
My conclusion is: If you want to start your studies in Web Security, go on and buy this book. If you already did this and want to learn specifically about AJAX Security, try another book, because this one won't help you so much.

2 of 2 found the following review helpful:

The topic is too vast to be adequately addressed in a little book like this (1 out of 5 stars, Mar 29, 2008)
By Robert D. Glover Jr. "robert-g-near-nyc"
The author is very smart and very knowledgeable, but the catchy book title is simply too vast a topic to be covered by a small book like this. There is a lot to be learned from this book, but it's mainly general knowledge about a vast array of topics that only vaguely fall under the AJAX category. Like "Javascript: the Good Parts", this book probably requires two or three readings to really appreciate it. Meanwhile, the first reading is not all that illuminating. For example, the samples of web security holes seem contrived and unlikely to occur in real life. Who actually writes a web application that lets the web browser client user choose the name and directory location of the file to download from the server? He even throws his hands up in the course of one topic and concludes there is no actual way to ensure security, given the poor architecture of the enabling technology.

6 of 8 found the following review helpful:

Wow, very disappointed...this is not an AJAX book (1 out of 5 stars, Nov 20, 2007)
By .NET Code Monkey
I was really looking forward to this book as this topic is very important to my job. But there is very little AJAX-specific content. The closest it comes is chapter five that dabbles with JSON a bit.

If you want to secure AJAX applications, you can pass over this title and stick to the basics:

- Learn and apply holistic, defense-in-depth development principles. A great primer for this is Writing Secure Code, Second Edition.

- Dig deeper into web-specific practices--both development and networking/administration. Although a little outdated (references Windows 2000 a lot), the best book I have seen so far is Improving Web Application Security: Threats and Countermeasures.

- Just remember that AJAX is nothing more than using JavaScript at the client to pull back XML from the server, so your weakest points in your application can be hardened with plain 'ole input validation. Validate at the client to ensure you have a properly assembled HTTP request going out. Validate at the server to ensure incoming variables don't break any rules, and XML encode all user input (preferably using Microsoft's free Anti-XSS library) on the way back to the client to avoid cross-site scripting.
