Securing Ajax Applications - New Book From O'Reilly

"Deciding to add security to a web application is like deciding whether to wear clothes in the morning, " writes security expert Christopher Wells. "Both decisions provide comfort and protection throughout the day, and in both cases the decisions are better made beforehand rather than later."

In his new book, Securing Ajax Applications, Wells aims to teach web developers and programmers how to make vital security decisions before problems arise. Throughout his new book, Wells also systematically explores methods for maintaining web application security in today's open and creative Web 2.0 environment. Furthermore, he details how to locate gaps and what to do to plug vulnerabilities before attackers take advantage of them.

Securing Ajax Applications covers basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies. Wells, also, clearly and succinctly explains how the same back-and-forth communication that makes Ajax so responsive also gives invaders new opportunities to gather data, make creative new requests of a server, and interfere with exchanges between websites and their visitors. This timely resource teaches developers how to build secure Ajax applications.

Topics include:

• overview of the evolving web platform, including APIs, feeds, web services, and asynchronous messaging
  
• web security basics, including common vulnerabilities, common cures, state management, and session management
  
• how to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash, and Flex
  
• how to protect servers, including front-line defense, dealing with application servers, PHP, and scripting
  
• vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
  
• how to secure web services, build secure APIs, and make open mashups secure

Wells convincingly demonstrates why web security isn't just for administrators and backend programmers. Indeed, web applications don't have security guards to protect them. And there is no enforcer to beat the living bytes out of would-be attackers. Today it's up to web developers everywhere to build security into their applications.

Christopher Wells has deployed security solutions for major healthcare, telecommunication, and financial industries, and is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with over 10 years of application security experience. Christopher holds multiple security certifications including CISSP.

Related links: (Open in a new window.)
www.oreilly/catalog/9780596529314

View printable version (opens in new window)
Back