
Web 2.0 Security – Defending AJAX, RIA, AND SOA

Posted on 2009-9-1 16:56:32


Author: Shreeraj Shah
Publication date: December 4, 2007
Publisher: Other
Pages: 365
ISBN: ISBN-10: 1584505508 ISBN-13: 978-1584505501
File format: PDF


Product Description
Service-Oriented Architecture (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the field of Web application security. Yamanner-, Sammy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you’re a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data.
About the Author
Shreeraj Shah, B.E., MSCS, MBA, is a co-founder of Blueinfy and SecurityExposure, companies that provide application security and On Demand Scanning services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank, and IBM in information security. Shreeraj has played an instrumental role in product development, researching new methodologies, and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments, security architecture reviews, and managing projects (Products/Services). He is the author of Web 2.0 Security (Cengage Learning, 2007), Hacking Web Services (Thomson Learning, 2006), and Web Hacking: Attacks and Defense (Addison-Wesley, 2002). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA, and OWASP. His articles are regularly published on Securityfocus, InformIT, DevX, O’Reilly, and HNS. His work has been quoted on BBC, Dark Reading, and Bank Technology as an expert.

Posted on 2009-9-1 17:52:09
Thanks


Posted on 2009-9-11 10:10:03
Bump


Posted on 2009-9-18 13:11:47
Thanks for sharing

Posted on 2009-9-19 13:31:15
web2.0 security? It seems there is always more IT knowledge to absorb. Thanks, OP...

Posted on 2009-11-9 04:09:20
This book is pretty good. I have read it and recommend it.

Posted on 2010-1-13 12:57:09
Thanks for sharing!!!

Posted on 2010-1-14 09:06:04
I was just looking for this. Nice.

Posted on 2010-1-18 22:13:04
This book was already translated into Chinese last year.