Addison-Wesley released a “Rough Cut” of the forthcoming book Ajax Security. Rough Cuts, from Safari Books Online, allow readers to gain access to portions of a book as it is being written. The book is scheduled to be published in late 2007 and you can access the rough cut here.
Ajax Security is a hands-on, practical primer for professionals who want to prevent Ajax-related security weaknesses. It exposes the minefield of vulnerabilities inherent in the Ajax framework and provides a guide for software developers to safely navigate through its complexity and create a secure application. Ajax Security will also benefit quality assurance and security penetration testers who want to find vulnerabilities in the Ajax applications they test to secure them from potential attacks. Each chapter begins with a myth about Ajax security, which is then debunked. Throughout the book, readers can find case studies of actual exploited Ajax vulnerabilities to illustrate key points. The authors also provide specific recommendations for securing Ajax applications for each of the major Web programming languages (.NET, Java, and PHP) as well as for the popular new language, Ruby. Readers will become familiar with the security issues of the Web 2.0 world, learn how to create secure mashup web sites, learn how to identify vulnerabilities that may be lingering in current code, and receive recommendations for keeping new security vulnerabilities out of code.