Ajax Security by Billy Hoffman, Bryan Sullivan

Book Review Team
Bartender

Joined: Feb 15, 2002
Posts: 936
<pre>Author/s : Billy Hoffman, Bryan Sullivan
Publisher : Addison Wesley
Category : Web design, HTML and JavaScript
Review by : Jeanne Boyarsky
Rating : 10 horseshoes
</pre>
Anyone involved in developing/testing AJAX should read "AJAX Security." It covers preventing a hacker from attacking your application. The audience includes developers, QA and penetration testers. While there are code snippets, they are explained well. While managers aren't in the target audience, I think they could benefit from understanding the concepts presented in the book.

The book begins with a brief review of AJAX architecture with an emphasis on security. The writing style is quite engaging, including a chapter walking you through an attack from a hacker's point of view. All the major known categories of attack are covered, including resource enumeration, parameter manipulation (with SQL and XPath injection), session hijacking, JSON hijacking, XSS, CSRF, phishing, denial of service, etc.

I particularly liked the analogies to things that happen in the physical world such as resource injection into a roommate's "to do" list and hijacking another customer's paid order in the deli. These made it easy to visualize the problem even for people who don't code often.

The authors were realistic and included the limitations and drawbacks of each tool/framework mentioned. I liked the chapter analyzing two major JavaScript worms including the source code. This really hit home on the importance of certain practices!

All information was up to date as of printing, including comments on all four major browsers (IE, Firefox, Opera and Safari). They even mentioned the HTML 5 specification. The book is not server-side language specific, which was nice.


More info at Amazon.com
More info at Amazon.co.uk
Book Review Team
Bartender

Joined: Feb 15, 2002
Posts: 936
<pre>Review by : Ulf Dittmer
Rating : 9 horseshoes
</pre>
With the advent of more sophisticated client-side web apps -- facilitated by AJAX and the JavaScript XMLHttpRequest object -- have come more numerous and more easily discovered security issues. As the authors point out, AJAX combines the vulnerabilities of traditional web apps and web services.

This book is billed as "The Hands-On, Practical Guide to Preventing Ajax-Related Security Vulnerabilities", and it delivers admirably on that count. It covers in detail the wide range of attack possibilities - from traditional web attacks and JavaScript hijacking, through client-side storage and offline vulnerabilities, to request origin issues, mashups and even CSS. An analysis of two JavaScript worms and a couple of chapters presenting tools to help test AJAX applications and popular AJAX frameworks round out the book. Many illustrations and code examples help convey the subjects, as do details of what to look out for in particular browsers or server software. It's hard to picture a web worker (be it developer, tester, producer or manager) that doesn't take away something (and more likely quite a bit) from this book.

It's written in a style that makes it easily approachable, and complex topics are explained well. Although some of the later material assumes knowledge of the earlier stuff, most chapters can be skipped if the reader isn't interested in a particular topic, and revisited later. I recommend the book to every web professional.


More info at Amazon.com
More info at Amazon.co.uk
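Both reviews above list JSON hijacking, CSRF and "request origin issues" among the attack categories the book covers, without showing what the defences look like. The following is an added example, written for this page and not taken from the book or the reviewers, that models the three standard mitigations for an AJAX JSON endpoint: an origin check via a custom request header (a cross-site `<script src>` or auto-submitted form cannot add one), a per-session anti-CSRF token for state-changing requests, and an anti-hijacking prefix that makes the JSON body a syntax error when pulled in as a script. All names (handleJsonRequest, parseGuardedJson, isExecutableAsScript) and the session/contact data are this example's own constructed assumptions.

```javascript
// Added example, not from "Ajax Security" or the reviews: a minimal model of
// the JSON-hijacking / CSRF defences both reviewers list as topics.
//
// The attack being defended against: a victim logged in to the app visits an
// attacker page containing <script src="https://app.example/api/contacts">.
// The browser attaches the victim's cookies, the endpoint answers with a bare
// JSON array, and the array literal executes as script in the attacker's page,
// where (in older engines) a redefined Array constructor or setters can read it.

const JSON_PREFIX = ")]}',\n";   // unparseable as a script statement, easy to strip

// Constructed sample data standing in for a session store and a database.
const sessions = { "sid-1": { user: "alice", csrfToken: "tok-abc" } };
const contacts = { alice: [{ name: "Bob", email: "bob@example.com" }] };

// Server side: req = { method, cookies, headers } with lower-case header names.
function handleJsonRequest(req) {
  // 1. Authenticate from the session cookie, as the real app would.
  const session = sessions[(req.cookies || {}).sid];
  if (!session) return { status: 401, body: "" };

  // 2. Request-origin check. A <script src> include or a cross-site form post
  //    cannot set a custom header; same-origin XHR can, and a cross-origin XHR
  //    that tries to is blocked by the browser unless the server opts in via CORS.
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, body: "" };
  }

  // 3. Anti-CSRF token on state-changing requests: only same-origin script can
  //    read the token out of the page/session and echo it back.
  if (req.method !== "GET" && req.headers["x-csrf-token"] !== session.csrfToken) {
    return { status: 403, body: "" };
  }

  // 4. Prefix the JSON so the response is useless as a script include even if
  //    checks 2 and 3 are ever misconfigured (defence in depth).
  const data = contacts[session.user] || [];
  return {
    status: 200,
    headers: { "content-type": "application/json; charset=utf-8" },
    body: JSON_PREFIX + JSON.stringify(data),
  };
}

// Client side: the app's own XHR code strips the prefix before parsing.
function parseGuardedJson(body) {
  if (!body.startsWith(JSON_PREFIX)) throw new Error("missing anti-hijack prefix");
  return JSON.parse(body.slice(JSON_PREFIX.length));
}

// Models what a <script src> include does with the body: hand it to the JS
// parser. A bare array literal parses (and would execute); the prefixed body
// fails with a SyntaxError before any data is evaluated.
function isExecutableAsScript(body) {
  try {
    new Function(body);   // parse only; the function is never called
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Usage: a hijack attempt (cookie present, no custom header) versus the
// application's own same-origin XHR.
const hijackAttempt = handleJsonRequest({
  method: "GET", cookies: { sid: "sid-1" }, headers: {},
});
const legitimateXhr = handleJsonRequest({
  method: "GET", cookies: { sid: "sid-1" },
  headers: { "x-requested-with": "XMLHttpRequest" },
});
```

The custom-header check is the cheapest of the three and was the common recommendation in the book's era; the CSRF token is still needed for POST/PUT/DELETE because a header check alone can be weakened by permissive CORS or third-party plugins, and the prefix protects read endpoints even when both of the others are misapplied. Modern browsers no longer let a script include read a cross-origin array literal, but the prefix remains a harmless belt-and-braces measure.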
Austin Lee
Ranch Hand

Joined: Feb 18, 2008
Posts: 56
Nice review, so I can find what I need.
Thanks for your work.
 