Book description
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.
Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also give invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money.
Topics include:
- An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
- Web security basics, including common vulnerabilities, common cures, state management and session management
- How to secure web technologies, such as Ajax, JavaScript, Java applets, ActiveX controls, plug-ins, Flash and Flex
- How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
- Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, Atom, REST, and XDOS
- How to secure web services, build secure APIs, and make open mashups secure
Table of contents
- Securing Ajax Applications
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
- Preface
- 1. The Evolving Web
  - 1.1. The Rise of the Web
    - 1.1.1. Hypertext Transfer Protocol (HTTP)
    - 1.1.2. HTTP Transactions
    - 1.1.3. The response
    - 1.1.4. HTTP Methods
    - 1.1.5. HTTP Response
    - 1.1.6. HTTP Headers
    - 1.1.7. Message or Entity Body
    - 1.1.8. HTML
    - 1.1.9. Mosaic and Netscape
    - 1.1.10. The Browser Wars
    - 1.1.11. Plug-ins, ActiveX, Applets, and JavaScript, Flash
    - 1.1.12. The Dot-Com Bubble
    - 1.1.13. Web Servers
    - 1.1.14. e-commerce
    - 1.1.15. Pop!
    - 1.1.16. The Hero, Ajax
    - 1.1.17. What Is an API?
    - 1.1.18. Why Worry?
    - 1.1.19. For More Information
- 2. Web Security
  - 2.1. Security Basics
    - 2.1.1. Build Security In
      - 2.1.1.1. Expect the unexpected
      - 2.1.1.2. Subjects
      - 2.1.1.3. Objects
      - 2.1.1.4. Operations
      - 2.1.1.5. Surface area
      - 2.1.1.6. Confidentiality
      - 2.1.1.7. Privacy
      - 2.1.1.8. Encryption
      - 2.1.1.9. Integrity/validation
      - 2.1.1.10. Authentication
      - 2.1.1.11. Authorization and access control
      - 2.1.1.12. Separation of duties
      - 2.1.1.13. Nonrepudiation
      - 2.1.1.14. Availability
      - 2.1.1.15. Trust
  - 2.2. Risk Analysis
  - 2.3. Common Web Application Vulnerabilities
    - 2.3.1. OWASP
    - 2.3.2. Unvalidated Input
    - 2.3.3. Broken Access Control
    - 2.3.4. Broken Authentication and Session Management
    - 2.3.5. Cross-Site Scripting (XSS)
    - 2.3.6. Buffer Overflow
    - 2.3.7. Injection Flaws
    - 2.3.8. Improper Error Handling
    - 2.3.9. Insecure Storage
    - 2.3.10. Application Denial of Service
    - 2.3.11. Insecure Configuration Management
    - 2.3.12. Other Vulnerabilities
    - 2.3.13. For More Information
- 3. Securing Web Technologies
  - 3.1. How Web Sites Communicate
  - 3.2. Browser Security
  - 3.3. Browser Plug-ins, Extensions, and Add-ons
- 4. Protecting the Server
  - 4.1. Network Security
  - 4.2. Host Security
  - 4.3. Web Server Hardening
  - 4.4. Application Server Hardening
- 5. A Weak Foundation
  - 5.1. HTTP Vulnerabilities
  - 5.2. The Threats
    - 5.2.1. Cross-Site Scripting (XSS)
    - 5.2.2. Injection Vulnerabilities
      - 5.2.2.1. SQL injection
      - 5.2.2.2. Lightweight Directory Access Protocol (LDAP) injection
      - 5.2.2.3. Command or process injection
      - 5.2.2.4. HTTP response splitting
      - 5.2.2.5. DOM injection and JavaScript
      - 5.2.2.6. Cross-site Request Forgery (CSRF or XSRF)
      - 5.2.2.7. Cross-user defacement
      - 5.2.2.8. Cache poisoning
    - 5.2.3. Other Vulnerabilities
    - 5.2.4. Data Handling
  - 5.3. JSON
  - 5.4. XML
  - 5.5. RSS
  - 5.6. Atom
  - 5.7. REST
- 6. Securing Web Services
  - 6.1. Web Services Overview
  - 6.2. Security and Web Services
  - 6.3. Web Service Security
- 7. Building Secure APIs
- 8. Mashups
- About the Author
- Colophon
Product information
- Title: Securing Ajax Applications
- Author(s):
- Release date: July 2007
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596551537