Ajax Security

The HandsOn Practical Guide to Preventing AjaxRelated SecurityVulnerabilities More and more Web sites are being rewritten as Ajaxapplications even traditional d... » 

The HandsOn Practical Guide to Preventing AjaxRelated SecurityVulnerabilities More and more Web sites are being rewritten as Ajaxapplications even traditional desktop software is rapidly moving to the Webvia Ajax. But all too often this transition is being made with recklessdisregard for security. If Ajax applications arent designed and codedproperly they can be susceptible to far more dangerous securityvulnerabilities than conventional Web or desktop software. Ajax developersdesperately need guidance on securing their applications knowledge thats beenvirtually impossible to find until now. Ajax Security systematically debunkstodays most dangerous myths about Ajax security illustrating key points withdetailed case studies of actual exploited Ajax vulnerabilities ranging fromMySpaces Samy worm to MacWorlds conference code validator. Even moreimportant it delivers specific uptotheminute recommendations for securingAjax applications in each major Web programming language and environmentincluding .NET Java PHP and even Ruby on Rails. Youll learn how to Mitigate unique risks associated with Ajax including overly granular Webservices application control flow tampering and manipulation of program logic Write new Ajax code more safelyand identify and fix flaws in existing code Prevent emerging Ajaxspecific attacks including JavaScript hijacking andpersistent storage theft Avoid attacks based on XSS and SQL Injectionincluding a dangerous SQL Injection variant that can extract an entire backenddatabase with just two requests Leverage security built into Ajax frameworkslike Prototype Dojo and ASP.NET AJAX Extensionsand recognize what you stillmust implement on your own Create more secure mashup applications AjaxSecurity will be an indispensable resource for developers coding or maintainingAjax applications architects and development managers planning or designingnew Ajax software and all software security professionals from QA specialiststo penetration testers. «