SOA, RIA, and Ajax are the backbone behind the now widerspread Web 2.0 applications such as MySpace, GoogleMaps, and Wikipedia. Although these robust tools make next generation web applications possible, they also add new security concerns to the field of web application security. Yamanner, Samy and Spaceflash type worms are exploiting “client-side” Ajax frameworks, providing new avenues of attack and compromising confidential information. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the past. These vulnerabilities can be leveraged by attackers to perform Phishing, Cross-site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA is the book to cover the new field of Web 2.0 security. Written for intermediate-to-advanced security professionals and developers, the book explores Web 2.0 hacking methods and helps in enhancing next generation security controls for better application security posture. Readers will gain knowledge in advanced footprinting and discovery techniques, Web 2.0 scanning and vulnerability detection methods, Ajax and Flash hacking methods, SOAP, REST and XML-RPC hacking, RSS/Atom feed attacks, fuzzing and code review methodologies and tools, tool building with Python, Ruby and .NET, and much, much more. The book includes a companion CD-ROM with tools, demos, samples, code, and images.
More on Amazon