|
Web 2.0 Security - Defending Ajax, RIA, and SOA
Service-Oriented Architecure (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns
to the field of Web application security. Yamanner-, Sammy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you're a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data.
Features
* Covers new Web 2.0 hacking methodology through hands-on examples and case studies.
* Explains Ajax attack vectors and defense.
* Provides instruction on reverse-engineering for Flash and .NET based applications and hacking methodologies for SOAP, XML-RPC and REST-based applications.
* Presents advanced Web 2.0 hacking methods including scanning, footprinting and discovery.
* Covers dynamic DOM event management with Ruby.
* Explains Web 2.0 security assessment and defense tools and their usage.
* Contains a companion CD-ROM with tools, Flash-based demos and an abundance of samples, code, and images.
CONTENTS:
Chapter 1 - Web 2.0 Introduction and Security
Chapter 2 - Overview of Web 2.0 Technologies
Chapter 3 - Web 2.0 Security Threats, Challenges, and Defenses
Chapter 4 - Web 2.0 Security Assessment Approaches, Methods, and Strategies
Chapter 5 - Web 2.0 Application Footprinting
Chapter 6 - Web 2.0 Application Discovery, Enumeration, and Profiling
Chapter 7 - Cross-Site Scripting with Web 2.0 Applications
Chapter 8 - Cross-Site Request Forgery with Web 2.0 Applications
Chapter 9 - RSS, Mashup, and Widget Security
Chapter 10 - Web 2.0 Application Scanning and Vulnerability Detection
Chapter 11 - SOA and Web Services Security
Chapter 12 - SOA Attack Vectors and Scanning for Vulnerabilities
Chapter 13 - Web 2.0 Application Fuzzing for Vulnerability Detection and Filtering for Countermeasures
Chapter 14 - Web 2.0 Application Defenses by Request Signature and Code Scanning
Chapter 15 - Resources for Web 2.0 Security: Tools, Techniques, and References
|
