Wednesday, January 16th, 2008

Book recommendation: Ajax Security by Hoffman and Sullivan

Category: Book Reviews, Books

Ajax Security
Reviewers overuse the phrase “required reading,” but no other description fits the new book “Ajax Security” (2007, Addison Wesley, 470p). This exhaustive tome from Billy Hoffman and Bryan Sullivan places the specific security concerns of the Ajax programming model in historical perspective. It demonstrates not only new security threats that are unique to Ajax, but established threats that have gained new traction in the Web 2.0 era. It then details both the specific technical solutions and – more importantly – the mindset that are necessary to combat such threats.

Because so many developers have historically overlooked the importance of security, the authors approach their topic for what it is: a remedial subject. They take pains to explain the basic mechanisms by which hackers have exploited insecure web applications over the last decade: cross-site request forgeries, denial of service attacks, cross-site scripting and SQL injection. Then they explain how those mechanisms have changed thanks to the rise of xmlHttpRequest, public APIs, mash-ups and aggregators. If you’ve ever read a Douglas Crockford rant about the “brokenness” of the web security model and wondered why the guy was such an alarmist, Hoffman and Sullivan are only too happy to provide you with a much-needed wake-up call.


Posted by Dietrich Kappe at 12:24 pm

4.1 rating from 32 votes


Comments feed TrackBack URI

sounds good, i’m going to buy it

Comment by sebasgt — January 16, 2008

I spoke with Hoffman & Sullivan at a recent AjaxWorld conference. They were the highlight of the event, as they certainly knew the most about the subject they were teaching.

Their book (and lectures) is a valuable resource when designing web services, no matter what protocol. They clearly illustrate best practices, common design flaws, and the varieties of attacks that plague e-commerce and other websites.

Comment by Liquidrums — January 16, 2008

Leave a comment

You must be logged in to post a comment.