Securing Ajax applications
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they bec...
| Main author | |
|---|---|
| Format | E-book |
| Language | English |
| Published | Beijing ; Sebastopol, California : O'Reilly, 2007. |
| Edition | First edition |
| Subjects | |
| View in Biblioteca Universitat Ramon Llull | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627005606719 |

Table of Contents:
- Securing Ajax Applications; Assumptions This Book Makes; Contents of This Book; Conventions Used in This Book; Using Code Examples; How to Contact Us; Safari® Enabled; Acknowledgments; 1. The Evolving Web; 1.1.2. HTTP Transactions; 1.1.3. The response; 1.1.4. HTTP Methods; 1.1.4.2. Idempotent methods; 1.1.5. HTTP Response; 1.1.5.2. 2xx success codes; 1.1.5.3. 3xx redirection codes; 1.1.5.4. 4xx client error codes; 1.1.5.5. 5xx server error codes; 1.1.6. HTTP Headers; 1.1.6.2. Request headers; 1.1.6.3. Response headers; 1.1.6.4. Entity headers; 1.1.6.5. Content headers
- 1.1.7. Message or Entity Body; 1.1.8. HTML; 1.1.9. Mosaic and Netscape; 1.1.10. The Browser Wars; 1.1.11. Plug-ins, ActiveX, Applets, and JavaScript, Flash; 1.1.11.2. ActiveX; 1.1.11.3. Flash; 1.1.12. The Dot-Com Bubble; 1.1.13. Web Servers; 1.1.13.2. Apache; 1.1.13.3. Microsoft's Internet Information Server (IIS); 1.1.14. e-commerce; 1.1.14.2. Application servers; 1.1.14.3. Commercials for Internet companies; 1.1.15. Pop!; 1.1.16. The Hero, Ajax; 1.1.16.2. XMLHttpRequest; 1.1.16.3. XMLHttpRequest life cycle; 1.1.17. What Is an API?; 1.1.17.2. Security problem
- 1.1.17.3. Solution: The Google Maps API; 1.1.18. Why Worry?; 1.1.18.2. Rapid application development (RAD); 1.1.18.3. Software development life cycle (SDLC); 1.1.18.4. CCPD; 1.1.19. For More Information; 2. Web Security; 2.1.1.2. Subjects; 2.1.1.3. Objects; 2.1.1.4. Operations; 2.1.1.5. Surface area; 2.1.1.6. Confidentiality; 2.1.1.7. Privacy; 2.1.1.8. Encryption; 2.1.1.9. Integrity/validation; 2.1.1.10. Authentication; 2.1.1.11. Authorization and access control; 2.1.1.12. Separation of duties; 2.1.1.13. Nonrepudiation; 2.1.1.14. Availability; 2.1.1.15. Trust; 2.2. Risk Analysis
- 2.2.1.2. Trust level; 2.2.1.3. Assets; 2.2.1.4. Threats and attack path; 2.2.1.5. Think like an attacker; 2.2.2. Threat Profiling; 2.3. Common Web Application Vulnerabilities; 2.3.2. Unvalidated Input; 2.3.2.2. Client-side validation; 2.3.2.3. Fuzzing; 2.3.3. Broken Access Control; 2.3.4. Broken Authentication and Session Management; 2.3.4.2. Login credentials; 2.3.4.3. Administrative interfaces; 2.3.4.4. Session management; 2.3.4.5. Don't let an old caller back in; 2.3.5. Cross-Site Scripting (XSS); 2.3.6. Buffer Overflow; 2.3.7. Injection Flaws; 2.3.8. Improper Error Handling
- 2.3.9. Insecure Storage; 2.3.10. Application Denial of Service; 2.3.11. Insecure Configuration Management; 2.3.12. Other Vulnerabilities; 2.3.13. For More Information; 3. Securing Web Technologies; 3.1.2. Server to Server Communications; 3.1.3. Domain to Domain (Cross-Domain) Communications; 3.1.3.2. JSON; 3.1.3.3. Web services; 3.2. Browser Security; 3.2.2. Web Security Controls; 3.2.2.2. Encrypting data with symmetric encryption; 3.2.2.3. The browser's same-origin policy; 3.2.3. Client-Side Data and Managing State; 3.2.3.2. Cookies and HTTP headers; 3.2.3.3. URL rewriting
- 3.2.4. Protecting Data in Transit