Building Secure Software with New Web Technologies
The latest generation of Web technologies-AJAX, improved client-side scripting, support for extensive DOM manipulation in browsers, content syndication, Web service APIs, and simple interchange formats such as JSON-are all driving new, powerful Web applications. Based on his work on real world "Web 2.0" applications, Ivan Krstic discusses the security implications of these new technologies. Ivan describes specific attacks such as Web-based worms, XSS, CSRF, and HTTP response splitting and offers advice on mitigating security risks during the engineering process. Learn how standard security guidelines such as The Confidentiality-Integrity-Availability (CIA) model apply to the modern Web and about the role of cryptography and crypto-engineering in Web security. Take back concrete recommendations for security specifications during initial software design, guidelines for implementation, and security tracking requirements after deployment.
- New Web technologies that fuel new security threats
- The most successful security strategy for developers
- Harden software from attacks at each stage of development