

Web 2.0 Security: Defending Ajax, RIA, And SOA
Shreeraj Shah
Charles River Media, Paperback, Bk&CD edition, Published December 2007, 432 pages, ISBN 1584505508
List Price: $49.99
Our Price: $32.50
You Save: $17.49 (35% Off)



Customer Reviews: 1     Average Customer Rating:


SOA, RIA, and Ajax are the backbone behind the now widespread Web 2.0 applications such as MySpace, GoogleMaps, and Wikipedia. Although these robust tools make next-generation web applications possible, they also add new security concerns to the field of web application security. Yamanner, Samy and Spaceflash type worms are exploiting client-side Ajax frameworks, providing new avenues of attack and compromising confidential information. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the past. These vulnerabilities can be leveraged by attackers to perform Phishing, Cross-site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA is the book to cover the new field of Web 2.0 security. Written for intermediate-to-advanced security professionals and developers, the book explores Web 2.0 hacking methods and helps in enhancing next-generation security controls for a better application security posture. Readers will gain knowledge in advanced footprinting and discovery techniques, Web 2.0 scanning and vulnerability detection methods, Ajax and Flash hacking methods, SOAP, REST and XML-RPC hacking, RSS/Atom feed attacks, fuzzing and code review methodologies and tools, tool building with Python, Ruby and .NET, and much, much more. The book includes a companion CD-ROM with tools, demos, samples, code, and images.


Benefits:

• Covers new Web 2.0 hacking methodology through hands-on examples and case studies.
• Explains Ajax attack vectors and defense.
• Provides instruction on reverse-engineering for Flash and .NET based applications and hacking methodologies for SOAP, XML-RPC and REST-based applications.
• Presents advanced Web 2.0 hacking methods including scanning, footprinting and discovery.
• Covers dynamic DOM event management with Ruby.
• Explains Web 2.0 security assessment and defense tools and their usage.
• Contains a companion CD-ROM with tools, Flash-based demos and an abundance of samples, code, and images.


Table of Contents

Section 1 - Web 2.0 Introduction and Security
Chapter 1 Web 2.0 Apps - Introduction and Components
Chapter objectives
Web 2.0 introduction and security concerns
Web 2.0 application evolution and architecture - SOA, Ajax & RIA
Web 2.0 application information flow
Web 2.0 application - components, technologies & security
Conclusion
References and readings
Chapter 2 Web 2.0 - Languages and Protocols
Chapter objectives
Web 2.0 application layers
Application server side languages
Application client side languages
Transport protocols
Information and data structures
Web 2.0 toolkits and frameworks
Conclusion
References and readings
Chapter 3 Security issues around Web 2.0
Chapter objectives
Web 2.0 attack points
Web 2.0 threats and their impacts
Web 2.0 Vulnerabilities and threat modeling
Web 2.0 analysis frameworks
Web 2.0 security controls
Conclusion
References and readings
Case Study 1 - BlueFlakes: Community portal leveraging Web 2.0 and security
Section 2 - Web 2.0 application profiling & vulnerability mapping
Chapter 4 Footprinting & Discovering Web 2.0 resources
Chapter objectives
Target (host) identification
Methods of application footprinting
XML services footprinting
Conclusion
References and readings
Chapter 5 Scanning and Vulnerability mapping for Web 2.0 apps
Chapter objectives
Crawling web application
Browsing the application and collecting information - Ajax calls
Identifying potential targets
Data exchange analysis and stream identification
Mapping resource for potential vulnerabilities
Conclusion
References and readings
Case Study 2 - BlueBank: Profiling a banking application
Section 3 - Web 2.0 attack vectors and countermeasures
Chapter 6 Ajax security
Chapter objectives
Ajax security issues
Ajax streams and information exchange
Ajax and DOM manipulation
Client side security vulnerabilities - XSS & XSRF with case
Ajax end points - server side issues
Countermeasure for Ajax security
Conclusion
References and readings
Chapter 7 Rich internet application security
Chapter objectives
RIA security issues
Flash based application and decoding
Reverse engineering the flash
Cross domain issues
Countermeasure for RIA security
Conclusion
References and readings
Chapter 8 SOA security - XML-RPC, REST & SOAP
Chapter objectives
SOA security issues
Entry points analysis for XML services
XML-RPC attacks
REST application attacks
SOAP based applications and security holes
Ajax interaction with XML services and security flaws
Countermeasures for XML services
Conclusion
References and readings
Chapter 9 Browser security & Web 2.0 Exploits
Chapter objectives
Browser security overview
Cross domain issues
Client side exploitation and engines
Defending and countermeasures
Conclusion
References and readings
Section 4 - Web 2.0 application testing and hardening
Chapter 10 Web 2.0 application fuzzing and vulnerability mapping
Chapter objectives
Web 2.0 application fuzzing
Building a tool to fuzz
Fuzzing web services
Fuzzing client side with streams
Vulnerability detection with fuzzing
Conclusion
References and readings
Chapter 11 Secure coding for Web 2.0 applications
Chapter objectives
Whitebox approach with code review
Building a code review tool
Secure coding with Web 2.0
Hardening Web 2.0 holes with code
Conclusion
References and readings
Chapter 12 Hardening Web 2.0 application with configurations and content filtering
Chapter objectives
Deployment and configuration testing
Hardening configuration
Scanning tool for configuration
Content filtering concept
Filtering with Apache
Filtering with IIS
Browser filtering with javascripts
Conclusion
References and readings
Section 5 - Appendix


Customer Reviews


Jul 12, 2008     Techie Evan
Good Reference Book
Buy this book if you want to have decent information on tools to use for testing and defending your applications against various Web 2.0 security-related vulnerabilities. I deducted one star because I felt that some parts of the book were redundant and some concepts were not explained well, but overall I am quite happy with this book!
