Securing Ajax Applications--New from O'Reilly

From:  "Sara Peyton" <peyton-AT-oreilly.com>
To:  lwn-AT-lwn.net
Subject:  Securing Ajax Applications--New from O'Reilly
Date:  Mon, 16 Jul 2007 02:59:00 -0700

***For Immediate Release***

For more information, a review copy, cover art, or interview 
with the author, contact: Sara Peyton (707) 827-7118 or peyton@oreilly.com

"Securing Ajax Applications"--New from O'Reilly
Checks and Balances for Greater Security

Sebastopol, CA--"Deciding to add security to a web application is like deciding 
whether to wear clothes in the morning," writes security expert Christopher Wells. "Both 
decisions provide comfort and protection throughout the day, and in both cases 
the decisions are better made beforehand rather than later."

In his new book--"Securing Ajax Applications" (O'Reilly, $49.99)--Wells 
explains: "If your application is on the Internet, it is on the front lines 
of your network. It is like a door to the outside world that allows visitors 
to come in and check out whatever you have to offer. Your application needs to 
be secure and you need to be aware of the dangers an application can open to 
your network."

That's why Wells aims to teach web developers and programmers how to make 
vital security decisions before problems arise. Throughout his new book, 
Wells also systematically explores methods for maintaining web application 
security in today's open and creative Web 2.0 environment, and he details how 
to locate gaps and what to do to plug vulnerabilities before attackers take 
advantage of them.

"Securing Ajax Applications" covers basic security techniques and examines 
vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies. 
Wells also clearly and succinctly explains how the same back-and-forth 
communication that makes Ajax so responsive also gives invaders new 
opportunities to gather data, make creative new requests of a server, and 
interfere with exchanges between websites and their visitors. This timely 
resource teaches developers how to build secure Ajax applications.

Topics include:

-An overview of the evolving web platform, including APIs, feeds, web services, 
 and asynchronous messaging

-Web security basics, including common vulnerabilities, common cures, state 
 management, and session management

-How to secure web technologies, such as Ajax, JavaScript, Java applets, 
 ActiveX controls, plug-ins, Flash, and Flex

-How to protect your server, including front-line defense, dealing with 
 application servers, PHP, and scripting

-Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, 
 REST, and XDOS

-How to secure web services, build secure APIs, and make open mashups secure

Wells convincingly demonstrates why web security isn't just for administrators 
and backend programmers. Indeed, web applications don't have security guards 
to protect them. And there is no enforcer to beat the living bytes out of 
would-be attackers. Today it's up to web developers everywhere to build security 
into their applications.

"For applications to succeed they must have our trust," Wells says. "Trust 
should be earned." Wells urges developers to use security as their distinction
--and "Securing Ajax Applications" shows them how.

Christopher Wells has deployed security solutions for major healthcare, 
telecommunication, and financial industries, and is currently employed as 
an Information Security Consultant for a major financial institution. He 
is an accomplished applications security architect with over 10 years of 
application security experience. Christopher holds multiple security 
certifications including a Certified Information Security Systems 
Professional (CISSP).

For more information about the book, including table of contents, index,
author bio, and samples, see:

http://www.oreilly.com/catalog/9780596529314

Securing Ajax Applications: Ensuring the Safety of the Dynamic Web
Christopher Wells
ISBN: 0-596-52931-7, $44.99 USD
order@oreilly.com
1-800-998-9938
1-707-827-7000
http://www.oreilly.com
1005 Gravenstein Highway North
Sebastopol, CA 95472

About O'Reilly
O'Reilly Media spreads the knowledge of innovators through its books, 
online services, magazines, and conferences. Since 1978, O'Reilly Media 
has been a chronicler and catalyst of cutting-edge development, homing in 
on the technology trends that really matter and spurring their adoption by 
amplifying "faint signals" from the alpha geeks who are creating the future. 
An active participant in the technology community, the company has a long 
history of advocacy, meme-making, and evangelism.

# # #

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds