Ajax Security by Billy Hoffman and Bryan Sullivan (2007, Perfect)


About this product

Product Identifiers

Publisher: Addison Wesley Professional
ISBN-10: 0321491939
ISBN-13: 9780321491930
eBay Product ID (ePID): 61491430

Product Key Features

Number of Pages: 504 Pages
Publication Name: Ajax Security
Language: English
Subject: Networking / Vendor Specific, Security / General, Web / Design, Security / Networking
Publication Year: 2007
Type: Textbook
Author: Billy Hoffman, Bryan Sullivan
Subject Area: Computers
Format: Perfect

Dimensions

Item Height: 1 in
Item Weight: 25.4 Oz
Item Length: 9.1 in
Item Width: 6.9 in

Additional Product Features

Intended Audience: Scholarly & Professional
LCCN: 2007-037191
Dewey Edition: 22
Illustrated: Yes
Dewey Decimal: 005.8
Table Of Content:

Preface
Preface (The Real One)

Chapter 1 Introduction to Ajax Security
- An Ajax Primer
- What Is Ajax?
- Asynchronous
- JavaScript
- XML
- Dynamic HTML (DHTML)
- The Ajax Architecture Shift
- Thick-Client Architecture
- Thin-Client Architecture
- Ajax: The Goldilocks of Architecture
- A Security Perspective: Thick-Client Applications
- A Security Perspective: Thin-Client Applications
- A Security Perspective: Ajax Applications
- A Perfect Storm of Vulnerabilities
- Increased Complexity, Transparency, and Size
- Sociological Issues
- Ajax Applications: Attractive and Strategic Targets
- Conclusions

Chapter 2 The Heist
- Eve
- Hacking HighTechVacations.net
- Hacking the Coupon System
- Attacking Client-Side Data Binding
- Attacking the Ajax API
- A Theft in the Night

Chapter 3 Web Attacks
- The Basic Attack Categories
- Resource Enumeration
- Parameter Manipulation
- Other Attacks
- Cross-Site Request Forgery (CSRF)
- Phishing
- Denial-of-Service (DoS)
- Protecting Web Applications from Resource Enumeration and Parameter Manipulation
- Secure Sockets Layer
- Conclusions

Chapter 4 Ajax Attack Surface
- Understanding the Attack Surface
- Traditional Web Application Attack Surface
- Form Inputs
- Cookies
- Headers
- Hidden Form Inputs
- Query Parameters
- Uploaded Files
- Traditional Web Application Attacks: A Report Card
- Web Service Attack Surface
- Web Service Methods
- Web Service Definitions
- Ajax Application Attack Surface
- The Origin of the Ajax Application Attack Surface
- Best of Both Worlds-for the Hacker
- Proper Input Validation
- The Problem with Blacklisting and Other Specific Fixes
Synopsis:

The Hands-On, Practical Guide to Preventing Ajax-Related Security Vulnerabilities

More and more Web sites are being rewritten as Ajax applications; even traditional desktop software is rapidly moving to the Web via Ajax. But, all too often, this transition is being made with reckless disregard for security. If Ajax applications aren't designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. Ajax developers desperately need guidance on securing their applications: knowledge that's been virtually impossible to find, until now.

Ajax Security systematically debunks today's most dangerous myths about Ajax security, illustrating key points with detailed case studies of actual exploited Ajax vulnerabilities, ranging from MySpace's Samy worm to MacWorld's conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing Ajax applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails.

You'll learn how to:

- Mitigate unique risks associated with Ajax, including overly granular Web services, application control flow tampering, and manipulation of program logic
- Write new Ajax code more safely--and identify and fix flaws in existing code
- Prevent emerging Ajax-specific attacks, including JavaScript hijacking and persistent storage theft
- Avoid attacks based on XSS and SQL Injection--including a dangerous SQL Injection variant that can extract an entire backend database with just two requests
- Leverage security built into Ajax frameworks like Prototype, Dojo, and ASP.NET AJAX Extensions--and recognize what you still must implement on your own
- Create more secure "mashup" applications

Ajax Security will be an indispensable resource for developers coding or maintaining Ajax applications; architects and development managers planning or designing new Ajax software, and all software security professionals, from QA specialists to penetration testers.
LC Classification Number: TK5105.8885.A52H62