Overview

Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur. Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also give invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities in JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money. Topics include:

  • An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging

  • Web security basics, including common vulnerabilities, common cures, state management and session management

  • How to secure web technologies, such as Ajax, JavaScript, Java applets, ActiveX controls, plug-ins, Flash and Flex

  • How to protect your server, including front-line defense, dealing with application servers, PHP and scripting

  • Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS

  • How to secure web services, build secure APIs, and make open mashups secure

Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating: 2.5 out of 5, based on 9 ratings

The title should be "An Introduction To Web Security" - 2008-02-12
In its 211 pages, Christopher Wells has written a good book with one bad feature: it barely speaks about the title theme. In my opinion, this book is a good guide to start your studies about web security. Its chapters cover issues like web-server security, secure ways to develop your applications, many demonstrations of threat exploits and how to protect your application from them.
My conclusion is: if you want to start your studies in Web Security, go on and buy this book. If you already did this and want to learn specifically about AJAX Security, try another book, because this one won't help you so much.

The topic is too vast to be adequately addressed in a little book like this - 2008-03-29
The author is very smart and very knowledgeable, but the catchy book title is simply too vast a topic to be covered by a small book like this. There is a lot to be learned from this book, but it's mainly general knowledge about a vast array of topics that only vaguely fall under the AJAX category. Like "Javascript: the Good Parts", this book probably requires two or three readings to really appreciate it. Meanwhile, the first reading is not all that illuminating. For example, the samples of web security holes seem contrived and unlikely to occur in real life. Who actually writes a web application that lets the web browser client user choose the name and directory location of the file to download from the server? He even throws his hands up in the course of one topic and concludes there is no actual way to ensure security, given the poor architecture of the enabling technology.

Where's the Ajax? - 2009-02-09
Pros: this book makes a decent primer for intro web sec topics
Cons: Minimal Ajax content, meaning this tome was mis-titled.

Misleading title - little AJAX, more web security. Overall good book. - 2008-04-24
Okay, first what I liked in this book:
1. not many pages, which means it is psychologically acceptable. ;-)
2. excellent introduction to "web-security" (yeah, that's it).
3. simple and clear explanations
4. nice introduction to the http protocol!

Now what could be improved?
1. change the title - well, it deals very little with AJAX, so those who want highly technical stuff on AJAX will be disappointed.
2. nothing. :)

In my opinion, this was the *best* book on web security that I've read. It introduces you firmly to the subject, without pushing you too deep into any particular topic. Advanced readers obviously can build on what is presented here.

-Amarendra

Too specific a title for content that is far more general in nature... - 2008-04-19
Since Ajax is such a hot subject right now, I thought the book Securing Ajax Applications by Christopher Wells would be a worthwhile read. Unfortunately, that's a very specific title for a book that tries to cover far more ground than just Ajax security. When you get done, you'll have a better idea about web-based software and hardware security from an architecture level. But you'll probably still be wanting a book that specifically covers "Ajax" security.

Contents:
The Evolving Web; Web Security; Securing Web Technologies; Protecting the Server; A Weak Foundation; Securing Web Services; Building Secure APIs; Mashups; Index

The book starts out with the history of HTTP web communication, alternatives that developed over time (like Flash and applets) that would allow e-commerce, and then how Ajax stepped into the fray. All pretty general stuff, and probably already known if you're picking up this book as a means to refine what you already do with Ajax. The chapter on Securing Web Technologies talks about the types of attacks that can be carried out over the web. Again, you've likely covered all this before if you've been programming web apps for any length of time. From there, you learn about browser weaknesses using Microsoft's STRIDE model (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges). As before, it's good information about security, but still not what I would consider Ajax-specific. Protecting The Server gets into how to harden an HTTP server, but the same observation applies... not specific to Ajax. The last few chapters get into more of what I would consider Ajax topics, like web services, mashups, APIs, etc. But even then, we're still in a position where the information can be characterized as applicable to far more than just Ajax usage.

I think most of the problem comes down to the title of the book. After all, that's what attracts you to pull it off the shelf and take a look. If the title was more generic, like Securing Web Applications or Web Environment Security, I'd feel that I was getting the content that the author "promised" in the title. But using Ajax in the title appeared to be an attempt to use a hot buzz word for a book that was more general than that.

Some information on this page was provided using data from Amazon.com®.

Copyright 2009 Safari Books Online. All rights reserved.