×

Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Web 2.0 Security - Defending AJAX, RIA, AND SOA / Edition 1
     

Web 2.0 Security - Defending AJAX, RIA, AND SOA / Edition 1

5.0 1
by Shreeraj Shah
 

ISBN-10: 1584505508

ISBN-13: 9781584505501

Pub. Date: 12/04/2007

Publisher: Cengage Learning


Service-Oriented Architecure (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the

Overview


Service-Oriented Architecure (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the fi eld of Web application security. Yamanner-, Sammy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you're a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data.

Product Details

ISBN-13:
9781584505501
Publisher:
Cengage Learning
Publication date:
12/04/2007
Edition description:
New Edition
Pages:
384
Product dimensions:
7.40(w) x 9.20(h) x 1.30(d)

Table of Contents


SECTION 1 - WEB2.0 INTRODUCTION AND SECURITY Chapter 1 Web 2.0 Apps - Introduction and Components Chapter objectives Web 2.0 introduction and security concerns Web 2.0 application evolution and architecture - SOA, Ajax & RIA Web 2.0 application information flow Web 2.0 application - components, technologies & security Conclusion References and readings Chapter 2 Web 2.0 - Languages and Protocols Chapter objectives Web 2.0 application layers Application server side languages Application client side languages Transport protocols Information and data structures Web 2.0 toolkits and frameworks Conclusion References and readings Chapter 3 Security issues around Web 2.0 Chapter objectives Web 2.0 attack points Web 2.0 threats and its impacts Web 2.0 Vulnerabilities and threat modeling Web 2.0 analysis frameworks Web 2.0 security controls Conclusion References and readings Case Study 1 - BlueFlakes : Community portal Leveraging Web 2.0 and security SECTION 2 - WEB2.0 APPLICATION PROFILING & VULNERABILITY MAPPING Chapter 4 Footprinting & Discovering Web 2.0 resources Chapter objectives Target (host) identification Methods of application footprinting XML services footprinting Conclusion References and readings Chapter 5 Scanning and Vulnerability mapping for Web 2.0 apps Chapter objectives Crawling web application Browsing the application and collecting information - Ajax calls Identifying potential targets Data exchange analysis and stream identification Mapping resource for potential vulnerabilities Conclusion References and readings Case Study 2 - BlueBank : Profiling Banking application - SECTION 3 - WEB2.0 ATTACK VECTORS AND COUNTERMEASURE Chapter 6 Ajax security Chapter objectives Ajax security issues Ajax streams and information exchange Ajax and DOM manipulation Client side security vulnerabilities - XSS & XSRF with case Ajax end points - server side issues Countermeasure for Ajax security Conclusion References and readings Chapter 7 Rich internet application security Chapter objectives RIA security issues Flash based application and decoding Reverse engineering the flash Cross domain issues Countermeasure for RIA security Conclusion References and readings Chapter 8 SOA security - XML-RPC, REST & SOAP Chapter objectives SOA security issues Entry points analysis for XML services XML-RPC attacks REST application attacks SOAP based applications and security holes Ajax interaction with XML services and security flaws Countermeasures for XML services Conclusion References and readings Chapter 9 Browser security & Web 2.0 Exploits Chapter objectives Browser security overview Cross domain issues Client side exploitation and engines Defending and countermeasures Conclusion References and readings SECTION 4 - WEB 2.0 APPLICATION TESTING AND HARDENING Chapter 10 Web 2.0 application fuzzing and vulnerability mapping Chapter objectives Web 2.0 application fuzzing Building a tool to fuzz Fuzzing web services Fuzzing client side with streams Vulnerability detection with fuzzing Conclusion References and readings Chapter 11 Secure coding for Web 2.0 applications Chapter objectives Whitebox approach with code review Building a code review tool Secure coding with Web 2.0 Hardening Web 2.0 holes with code Conclusion References and readings Chapter 12 Hardening Web 2.0 application with configurations and content filtering Chapter objectives Deployment and configuration testing Hardening configuration Scanning tool for configuration Content filtering concept Filtering with Apache Filtering with IIS Browser filtering with javascripts Conclusion References and readings SECTION 5 - APPENDIX

Customer Reviews

Average Review:

Post to your social network

     

Most Helpful Customer Reviews

See all customer reviews

Web 2.0 Security - Defending AJAX, RIA, AND SOA 5 out of 5 based on 0 ratings. 1 reviews.
Guest More than 1 year ago
Are you a security- professional or developer? If you are, this book is for you! Author Shreeraj Shah, has done an outstanding job of writing a great book that explores Web 2.0 hacking methods. Shah, begins by covering real life Web 2.0 applications that offer a better perspective on the overall infrastructure. Next, the author focuses on the overall Web 2.0 changes and their impact on security. Then, he discusses Web services footprinting and identifies access points for SOA as well as an understanding of application discovery and profiling to identify internal Web 2.0 resources. The author continues by discussing the XSS attack vector and its security implications for Web 2.0 applications. In addition, the author explores the security concerns growing around RSS, mashup, and widgets. He also provides an overview of SOA and the security concerns associated with it. Next, the author takes a look at ModSecurity for Apache and IhttpModule for the .NET framework, as well as some tricks with which you can identify Ajax-based requests and act upon them on the server side. Finally, he covers some interesting tools, techniques, references, and cheat sheets. This most excellent book addresses several critical aspects of Web 2.0 security/. What¿s most important though, is that this book addresses in detail both tactical attack vectors and defense strategies, while focussing on web 2.0.