Author: Shreeraj Shah
Publication date: December 4, 2007
Publisher: Other
Pages: 365
ISBN: ISBN-10: 1584505508, ISBN-13: 978-1584505501
File format: PDF
Product Description
Service-Oriented Architecture (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the field of Web application security. Yamanner-, Sammy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you’re a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data.
About the Author
Shreeraj Shah, B.E., MSCS, MBA, is a co-founder of Blueinfy and SecurityExposure, companies that provide application security and On Demand Scanning services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank, and IBM in information security. Shreeraj has played an instrumental role in product development, researching new methodologies, and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments, security architecture reviews, and managing projects (Products/Services). He is the author of Web 2.0 Security (Cengage Learning, 2007), Hacking Web Services (Thomson Learning, 2006), and Web Hacking: Attacks and Defense (Addison-Wesley, 2002). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA, and OWASP. His articles are regularly published on Securityfocus, InformIT, DevX, O’Reilly, and HNS. His work has been quoted on BBC, Dark Reading, and Bank Technology as an expert.