Book review Monday:::Securing Ajax Applications | eWEEK Labs | eWeek

Book review Monday:::Securing Ajax Applications

Aug 14, 2007
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Security consultant Christopher Wells has just written Securing Ajax Applications, $49.99 from O’Reilly. While the book is written for Ajax developers, I think it’s more appropriate for business analysts who are specifying Ajax projects. Security Ajax Applications has a lot more to say to technically literate project managers than to hot shot programmers. Don’t get me wrong, developers will get a fundamental grounding in creating secure applications. However, until security is specified as a program requirement by the people paying the developers’ salary, Ajax apps will be developed as quickly as possible with little regard to security.

Over the last two years there has been much heat in the security community about the insecurities of Ajax application development. Case in point was the presentation on Premature Ajax-ulation at Black Hat Las Vegas in August.

The presenters, Bryan Sullivan and Billy Hoffman of SPI Dynamics (acquired the same day the presentation, Aug. 1, by HP) cleverly created a site Hackervacations.com using security advice from a select group of Ajax coding references. The result was a mess of vulnerabilities that basically allowed the pair to buy fictitious airline tickets for $1.Sullivan and Hoffman have a forthcoming book on ajax-ulation problems with the more demure title of Ajax Security, also $49.99 although not yet available.

Wells book was not one of the security authorities they cited for the bad advice used to build hackervacation. On the other hand, Wells doesn’t always make it easy to distill the important points of secure Ajax application development. Hidden at the bottom of page 42 is this gem: “If you remember anything from this book let it be this: you cannot trust any information coming from the client/browser.” He goes on the call for Ajax developers to validate all client input. He recommends a widely accepted strategy of using positive validation. Check data for what should be there (for example, format and length) and reject anything that doesn’t match.

Securing Ajax Applications covers server protection, securing Web services and building secure APIs. And it is a strong exhortation to developers to include security in the fundamental design of their Ajax applications.

Wells’ book is a decent primer on security. The beginning sections are a bit too simple and encourage the reader to skip ahead to the “good stuff.” I’m afraid that driven programmers will lose patience with the sometimes too cutely worded phrases of the book and miss the important points. (For example, the missive on page 42.) Business analysts will find useful material by the page for building project specifications that call for secure applications.

Title: Securing Ajax Applications Subtitle: Ensuring the Safety of the Dynamic Web First Edition: July 2007 ISBN 10: 0-596-52931-7 ISBN 13: 9780596529314 Pages: 250

.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.