Securing Ajax Applications: Ensuring the Safety of the Dynamic Web (保護Ajax應用程式:確保動態網路的安全性)

Christopher Wells

  • 出版商: O'Reilly
  • 出版日期: 2007-07-21
  • 定價: $1,750
  • 售價: 1.7$299
  • 語言: 英文
  • 頁數: 256
  • 裝訂: Paperback
  • ISBN: 0596529317
  • ISBN-13: 9780596529314
  • 相關分類: Ajax
  • 立即出貨

買這商品的人也買了...

相關主題

商品描述

Description

Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.

Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also gives invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money.

Topics include:

  • An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
  • Web security basics, including common vulnerabilities, common cures, state management and session management
  • How to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash and Flex
  • How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
  • Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
  • How to secure web services, build secure APIs, and make open mashups secure

Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.

Table of Contents

Preface

1. The Evolving Web

     The Rise of the Web

2. Web Security

     Security Basics

     Risk Analysis

     Common Web Application Vulnerabilities

3. Securing Web Technologies

     How Web Sites Communicate

     Browser Security

     Browser Plug-ins, Extensions, and Add-ons

4. Protecting the Server

     Network Security

     Host Security

     Web Server Hardening

     Application Server Hardening

5. A Weak Foundation

     HTTP Vulnerabilities

     The Threats

     JSON

     XML

     RSS

     Atom

     REST

6. Securing Web Services

     Web Services Overview

     Security and Web Services

     Web Service Security

7. Building Secure APIs

     Building Your Own APIs

     Preconditions

     Postconditions

     Invariants

     Security Concerns

     RESTful Web Services

8. Mashups

     Web Applications and Open Internet APIs

     Wild Web 2.0

     Mashups and Security

     Open Versus Secure

     A Security Blanket

     Case Studies

Index

商品描述(中文翻譯)

描述

Ajax應用程式應該是開放且安全的。往往安全性被當作事後補救。應該立即識別並解決潛在的漏洞。本書探討了Ajax和網頁應用程式安全性,並關注危險的漏洞,提供了在它們成為問題之前如何修補它們的方法。通過從一開始就將安全性納入流程,您將學習如何構建安全的Ajax應用程式,並在攻擊發生時快速做出反應。

《Securing Ajax Applications》簡明扼要地解釋了使Ajax如此靈敏的來回通訊也為入侵者提供了新的機會,他們可以收集數據、對您的伺服器提出創造性的新請求,並干擾您和客戶之間的通訊。本書介紹了基本的安全技術,並檢查了JavaScript、XML、JSON、Flash和其他技術的漏洞,這些重要的信息最終將為您節省時間和金錢。

主題包括:
- 不斷演進的網頁平台概述,包括API、資料源、網頁服務和非同步通訊
- 網頁安全基礎知識,包括常見漏洞、常見解決方法、狀態管理和會話管理
- 如何保護Ajax、JavaScript、Java小程式、Active X控制項、插件、Flash和Flex等網頁技術的安全性
- 如何保護伺服器,包括前線防禦、處理應用程式伺服器、PHP和腳本
- HTTP、XML、JSON、RSS、ATOM、REST和XDOS等網頁標準的漏洞
- 如何保護網頁服務,構建安全的API和確保開放的混搭安全

《Securing Ajax Applications》應對這一新一代網頁開發所帶來的挑戰,並展示了為什麼網頁安全不再僅僅是管理員和後端程式設計師的事情。它也是網頁開發人員的責任,他們使用網頁的新奇之處。

目錄

前言
1. 不斷演進的網頁
2. 網頁安全
3. 保護網頁技術
4. 保護伺服器
5. 脆弱的基礎