By Billy Hoffman, Bryan Sullivan
The Hands-On, Practical Guide to Preventing Ajax-Related Security Vulnerabilities
More and more Web sites are being rewritten as Ajax applications; even traditional desktop software is rapidly moving to the Web via Ajax. But, all too often, this transition is being made with reckless disregard for security. If Ajax applications aren’t designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. Ajax developers desperately need guidance on securing their applications: knowledge that’s been virtually impossible to find, until now.
Ajax Security systematically debunks today’s most dangerous myths about Ajax security, illustrating key points with detailed case studies of actual exploited Ajax vulnerabilities, ranging from MySpace’s Samy worm to MacWorld’s conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing Ajax applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails. You’ll learn how to:
· Mitigate unique risks associated with Ajax, including overly granular Web services, application control flow tampering, and manipulation of program logic
· Write new Ajax code more safely, and identify and fix flaws in existing code
· Prevent attacks based on XSS and SQL Injection, including a dangerous SQL Injection variant that can extract an entire backend database with just two requests
· Leverage security built into Ajax frameworks like Prototype, Dojo, and ASP.NET AJAX Extensions, and recognize what you still must implement on your own
· Create safer “mashup” applications
Ajax Security will be an indispensable resource for developers coding or maintaining Ajax applications; architects and development managers planning or designing new Ajax software; and all software security professionals, from QA specialists to penetration testers.