- Paperback: 384 pages
- Publisher: Charles River Media; 1 edition (Dec 4 2007)
- Language: English
- ISBN-10: 1584505508
- ISBN-13: 978-1584505501
- Product Dimensions: 23.5 x 18.8 x 2.4 cm
- Shipping Weight: 771 g
-
Amazon Bestsellers Rank:
#689,436 in Books (See Top 100 in Books)
- #84 in Books > Computers & Internet > Programming > Languages & Tools > Ajax
- See Complete Table of Contents
|
||||||||||||||||||
|
||||||||||||||||||
|
||||||||||||||||||
Product Details |
Product Description
Product Description
Service-Oriented Architecure (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the fi eld of Web application security. Yamanner-, Sammy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you’re a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data.
Inside This Book
(Learn More)
Tag this product(What's this?)Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organize and find favorite items. |
Customer Reviews
There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:
3 reviews
2 of 2 people found the following review helpful
VERY VERY HIGHLY RECOMMENDED!!
Mar 8 2008
Format:Paperback
Are you a security- professional or developer? If you are, this book is for you! Author Shreeraj Shah, has done an outstanding job of writing a great book that explores Web 2.0 hacking methods.
Shah, begins by covering real life Web 2.0 applications that offer a better perspective on the overall infrastructure. Next, the author focuses on the overall Web 2.0 changes and their impact on security. Then, he discusses Web services footprinting and identifies access points for SOA as well as an understanding of application discovery and profiling to identify internal Web 2.0 resources. The author continues by discussing the XSS attack vector and its security implications for Web 2.0 applications. In addition, the author explores the security concerns growing around RSS, mashup, and widgets. He also provides an overview of SOA and the security concerns associated with it. Next, the author takes a look at ModSecurity for Apache and IhttpModule for the .NET framework, as well as some tricks with which you can identify Ajax-based requests and act upon them on the server side. Finally, he covers some interesting tools, techniques, references, and cheat sheets.
This most excellent book addresses several critical aspects of Web 2.0 security/. What's most important though, is that this book addresses in detail both tactical attack vectors and defense strategies, while focussing on web 2.0.
Shah, begins by covering real life Web 2.0 applications that offer a better perspective on the overall infrastructure. Next, the author focuses on the overall Web 2.0 changes and their impact on security. Then, he discusses Web services footprinting and identifies access points for SOA as well as an understanding of application discovery and profiling to identify internal Web 2.0 resources. The author continues by discussing the XSS attack vector and its security implications for Web 2.0 applications. In addition, the author explores the security concerns growing around RSS, mashup, and widgets. He also provides an overview of SOA and the security concerns associated with it. Next, the author takes a look at ModSecurity for Apache and IhttpModule for the .NET framework, as well as some tricks with which you can identify Ajax-based requests and act upon them on the server side. Finally, he covers some interesting tools, techniques, references, and cheat sheets.
This most excellent book addresses several critical aspects of Web 2.0 security/. What's most important though, is that this book addresses in detail both tactical attack vectors and defense strategies, while focussing on web 2.0.
1 of 1 people found the following review helpful
Good Reference Book
July 12 2008
Format:Paperback
Buy this book if you want to have decent information on tools to use for testing and defending your applications against various Web 2.0 security-related vulnerabilities. I deducted one star because I felt that some parts of the book were redundant and some concepts were not explained well, but overall I am quite happy with this book!
Broad and deep about web 2.0 security!
May 3 2012
Format:Paperback
The book specifically focus on web 2.0 security, just as its name. You may need some fundamental knowledge about web2.0 technologies. If not, don't worry. The first chapter's overview is enough for the rest of the book.
Listmania!
Look for similar items by category
- Books > Computers & Internet > Business & Culture > Privacy
- Books > Computers & Internet > Certification Central > Exams > Security+
- Books > Computers & Internet > Computer Science > Artificial Intelligence > Neural Networks
- Books > Computers & Internet > Networking > Network Security
- Books > Computers & Internet > Networking > Networks, Protocols & APIs
- Books > Computers & Internet > Web Development > Programming > Ajax
- Books > Computers & Internet > Web Development > Web Services
- Books > New & Used Textbooks > Computer Science & Information Systems > Networking
Look for similar items by subject
Feedback
Would you like to update product info or give feedback on images?
|
