Sebastopol, CA--"Deciding to add security to a web application is like deciding whether to wear clothes in the morning, " writes security expert Christopher Wells. "Both decisions provide comfort and protection throughout the day, and in both cases the decisions are better made beforehand rather than later."
In his new book--Securing Ajax Applications (O'Reilly, $49.99)--Wells explains: "If your application is on the Internet, it is on the front lines of your network. It is like a door to the outside world that allows visitors to come in and check out whatever you have to offer. Your application needs to be secure and you need to be aware of the dangers an application can open to your network."
That's why Wells aims to teach web developers and programmers how to make vital security decisions before problems arise. And throughout his new book, Wells also systematically explores methods for maintaining web application security in today's open and creative Web 2.0 environment. And he details how to locate gaps and what to do to plug vulnerabilities before attackers take advantage of them.
Securing Ajax Applications covers basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies. Wells, also, clearly and succinctly explains how the same back-and-forth communication that makes Ajax so responsive also gives invaders new opportunities to gather data, make creative new requests of a server, and interfere with exchanges between websites and their visitors. This timely resource teaches developers how to build secure Ajax applications.
Topics include:
- An overview of the evolving web platform, including APIs, feeds, web services, and asynchronous messaging
- Web security basics, including common vulnerabilities, common cures, state management, and session management
- How to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash, and Flex
- How to protect your server, including front-line defense, dealing with application servers, PHP, and scripting
- Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
- How to secure web services, build secure APIs, and make open mashups secure
Wells convincingly demonstrates why web security isn't just for administrators and backend programmers. Indeed, web applications don't have security guards to protect them. And there is no enforcer to beat the living bytes out of would-be attackers. Today it's up to web developers everywhere to build security into their applications.
"For applications to succeed they must have our trust," Wells says. "Trust should be earned." Wells urges developers to use security as their distinction --and "Securing Ajax Applications" shows them how.
Christopher Wells has deployed security solutions for major healthcare, telecommunication, and financial industries, and is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with over 10 years of application security experience. Christopher holds multiple security certifications including a Certified Information Security Systems Professional (CISSP).
More information about the book, including table of contents, index, author bio, and samples
Securing Ajax Applications: Ensuring the Safety of the Dynamic Web
Christopher Wells
ISBN: 0-596-52931-7, $44.99 USD
order@oreilly.com
1-800-998-9938; 1-707-827-7000
About O’Reilly
O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.