Description
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.
Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also give invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money.
Topics include:
- An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
- Web security basics, including common vulnerabilities, common cures, state management and session management
- How to secure web technologies, such as Ajax, JavaScript, Java applets, ActiveX controls, plug-ins, Flash and Flex
- How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
- Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
- How to secure web services, build secure APIs, and make open mashups secure
Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.
Table of Contents
Preface
1. The Evolving Web
- The Rise of the Web
2. Web Security
- Security Basics
- Risk Analysis
- Common Web Application Vulnerabilities
3. Securing Web Technologies
- How Web Sites Communicate
- Browser Security
- Browser Plug-ins, Extensions, and Add-ons
4. Protecting the Server
- Network Security
- Host Security
- Web Server Hardening
- Application Server Hardening
5. A Weak Foundation
- HTTP Vulnerabilities
- The Threats
- JSON
- XML
- RSS
- Atom
- REST
6. Securing Web Services
- Web Services Overview
- Security and Web Services
- Web Service Security
7. Building Secure APIs
- Building Your Own APIs
- Preconditions
- Postconditions
- Invariants
- Security Concerns
- RESTful Web Services
8. Mashups
- Web Applications and Open Internet APIs
- Wild Web 2.0
- Mashups and Security
- Open Versus Secure
- A Security Blanket
- Case Studies
Index