Ajax Security
暫譯: Ajax 安全性
Billy Hoffman, Bryan Sullivan
- 出版商: Addison Wesley
- 出版日期: 2007-12-01
- 售價: $2,220
- 貴賓價: 9.5 折 $2,109
- 語言: 英文
- 頁數: 504
- 裝訂: Paperback
- ISBN: 0321491939
- ISBN-13: 9780321491930
-
相關分類:
Ajax、資訊安全
已絕版
買這商品的人也買了...
-
Linux 進化特區-Ubuntu 10.04 從入門到精通$580$464 -
深入淺出設計模式 (Head First Design Patterns)$880$695 -
Macromedia Dreamweaver 8: Training from the Source$2,050$1,948 -
Linux 驅動程式, 3/e (Linux Device Drivers, 3/e)$980$774 -
A Guide To The Project Management Body Of Knowledge, 3/e (Paperback)$1,590$1,511 -
$788IPv6 Essentials, 2/e (Paperback) -
C++ Primer, 4/e (中文版)$990$891 -
現代嵌入式系統開發專案實務-菜鳥成長日誌與專案經理的私房菜$600$480 -
蘋果專業訓練教材:Final Cut Pro 6 (Apple Pro Training Series: Final Cut Pro 6)$860$731 -
$460Network Simulation Experiments Manual, 2/e -
CCNA 認證教戰手冊 (CCNA: Cisco Certified Network Associate Study Guide (Exam 640-802), 6/e)$1,180$932 -
美麗程式-頂尖程式設計師的思考方式 (Beautiful Code: Leading Programmers Explain How They Think)$780$616 -
MIS 網路管理的工具箱$450$351 -
程式之美-微軟技術面試心得$490$417 -
T-SQL 問題解決實戰$580$458 -
大話設計模式$620$527 -
Short Coding 寫出簡潔好程式-短碼達人的心得技法$480$374 -
新觀念 Microsoft Visual Basic 2008 程式設計$550$435 -
全球最強 VMware vSphere 4 企業環境建構$860$731 -
Windows Server 2008 R2 虛擬化技術 Hyper-V R2$680$578 -
約耳趣談軟體-來自專案管理的現場實錄 (Joel on Software: And on Diverse and Occasionally Related Matters That Will Prove of Interest to Software Developers)$490$417 -
ASP.NET MVC 2 開發實戰$590$502 -
HTML5 & API 網頁程式設計$450$356 -
jQuery 開發範例大全 (jQuery 1.4 Reference Guide)$490$417 -
Silverlight 4 商業級應用程式開發 (Microsoft Silverlight 4 Business Application Development)$490$417
商品描述
The Hands-On, Practical Guide to Preventing Ajax-Related Security Vulnerabilities
More and more Web sites are being rewritten as Ajax applications; even traditional desktop software is rapidly moving to the Web via Ajax. But, all too often, this transition is being made with reckless disregard for security. If Ajax applications aren’t designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. Ajax developers desperately need guidance on securing their applications: knowledge that’s been virtually impossible to find, until now.
Ajax Security systematically debunks today’s most dangerous myths about Ajax security, illustrating key points with detailed case studies of actual exploited Ajax vulnerabilities, ranging from MySpace’s Samy worm to MacWorld’s conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing Ajax applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails. You’ll learn how to:
· Mitigate unique risks associated with Ajax, including overly granular Web services, application control flow tampering, and manipulation of program logic
· Write new Ajax code more safely—and identify and fix flaws in existing code
· Prevent emerging Ajax-specific attacks, including JavaScript hijacking and persistent storage theft
· Avoid attacks based on XSS and SQL Injection—including a dangerous SQL Injection variant that can extract an entire backend database with just two requests
· Leverage security built into Ajax frameworks like Prototype, Dojo, and ASP.NET AJAX Extensions—and recognize what you still must implement on your own
· Create more secure “mashup” applications
Ajax Security will be an indispensable resource for developers coding or maintaining Ajax applications; architects and development managers planning or designing new Ajax software, and all software security professionals, from QA specialists to penetration testers.
商品描述(中文翻譯)
《實用的 Ajax 安全漏洞預防指南》
越來越多的網站正在被重寫為 Ajax 應用程式;即使是傳統的桌面軟體也正在迅速透過 Ajax 移向網路。然而,這一轉變往往對安全性漠不關心。如果 Ajax 應用程式沒有正確設計和編碼,它們可能會受到比傳統網頁或桌面軟體更危險的安全漏洞的影響。Ajax 開發者迫切需要有關保護其應用程式的指導:這些知識在此之前幾乎無法獲得,直到現在。
Ajax Security 系統性地揭穿了當今有關 Ajax 安全的最危險神話,並通過詳細的案例研究來說明關鍵點,這些案例研究涵蓋了從 MySpace 的 Samy 蠕蟲到 MacWorld 的會議代碼驗證器的實際被利用的 Ajax 漏洞。更重要的是,它提供了針對每個主要網頁程式語言和環境(包括 .NET、Java、PHP,甚至 Ruby on Rails)保護 Ajax 應用程式的具體、最新建議。您將學會如何:
· 減輕與 Ajax 相關的獨特風險,包括過於細粒度的網路服務、應用程式控制流程篡改和程式邏輯操控
· 更安全地編寫新的 Ajax 代碼,並識別和修復現有代碼中的缺陷
· 防止新興的 Ajax 特定攻擊,包括 JavaScript 劫持和持久性存儲盜竊
· 避免基於 XSS 和 SQL 注入的攻擊——包括一種危險的 SQL 注入變體,僅需兩個請求即可提取整個後端數據庫
· 利用內建於 Ajax 框架(如 Prototype、Dojo 和 ASP.NET AJAX 擴展)中的安全性——並認識到您仍需自行實施的內容
· 創建更安全的「混合」應用程式
Ajax Security 將成為編寫或維護 Ajax 應用程式的開發者、規劃或設計新 Ajax 軟體的架構師和開發經理,以及所有軟體安全專業人士(從 QA 專家到滲透測試人員)不可或缺的資源。
