Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur. Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also gives invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money. Topics include:
- An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
- Web security basics, including common vulnerabilities, common cures, state management and session management
- How to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash and Flex
- How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
- Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
- How to secure web services, build secure APIs, and make open mashups secure