Web 2.0 Security: Defending Ajax, RIA, and SOA (Course Technology, 2008)
SOA, RIA, and Ajax are the backbone of the now widespread Web 2.0 applications such as MySpace, Google Maps, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the field of Web application security. Yamanner, Samy, and Spaceflash-type worms are exploiting "client-side" Ajax frameworks, providing new avenues of attack and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities. Attackers can leverage these vulnerabilities to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation.

Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET.
