
Web 2.0 Security – Defending AJAX, RIA, AND SOA

Title: Web 2.0 Security – Defending AJAX, RIA, AND SOA

Uploaded by: 石头

Date: 2009-09-01

File size: 3.25 MB




Author: Shreeraj Shah
Publication date: December 4, 2007
Publisher: Other
Pages: 365
ISBN: ISBN-10: 1584505508, ISBN-13: 978-1584505501
File format: PDF


Product Description
Service-Oriented Architecture (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the field of Web application security. Yamanner-, Sammy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you’re a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data.
About the Author
Shreeraj Shah, B.E., MSCS, MBA, is a co-founder of Blueinfy and SecurityExposure, companies that provide application security and On Demand Scanning services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank, and IBM in information security. Shreeraj has played an instrumental role in product development, researching new methodologies, and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments, security architecture reviews, and managing projects (Products/Services). He is the author of Web 2.0 Security (Cengage Learning, 2007), Hacking Web Services (Thomson Learning, 2006), and Web Hacking: Attacks and Defense (Addison-Wesley, 2002). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA, and OWASP. His articles are regularly published on Securityfocus, InformIT, DevX, O’Reilly, and HNS. His work has been quoted on BBC, Dark Reading, and Bank Technology as an expert.
Tags: Security, Web


Related books

  • Network Security Technologies and Solutions
  • Rapid Portlet Development with WebSphere Portlet Factory (PDF, English edition)
  • Software Security Engineering: A Guide for Project Managers (CHM, English edition)
  • Managing Catastrophic Loss of Sensitive Data: A Guide for IT and Security Profes
  • DOM Scripting: Web Design with JavaScript and the Document Object Model
