Book Review - Securing Ajax Applications by Christopher Wells
Category: Book Review. Tags: Christopher Wells, Securing Ajax Applications
Since Ajax is such a hot subject right now, I thought the book Securing Ajax Applications by Christopher Wells would be a worthwhile read. Unfortunately, that's a very specific title for a book that tries to cover far more ground than just Ajax security. When you get done, you'll have a better idea about web-based software and hardware security from an architecture level. But you'll probably still be wanting a book that specifically covers "Ajax" security.
Contents:
The Evolving Web; Web Security; Securing Web Technologies; Protecting the Server; A Weak Foundation; Securing Web Services; Building Secure APIs; Mashups; Index
The book starts out with the history of HTTP web communication, the alternatives that developed over time (like Flash and applets) to enable e-commerce, and then how Ajax stepped into the fray. All pretty general stuff, and probably already known if you're picking up this book as a means to refine what you already do with Ajax. The chapter on Securing Web Technologies talks about the types of attacks that can be carried out over the web. Again, you've likely covered all this before if you've been programming web apps for any length of time. From there, you learn about browser weaknesses using Microsoft's STRIDE model (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege). As before, it's good information about security, but still not what I would consider Ajax-specific. Protecting the Server gets into how to harden an HTTP server, but the same observation applies... not specific to Ajax. The last few chapters get into more of what I would consider Ajax topics, like web services, mashups, APIs, etc. But even then, we're still in a position where the information can be characterized as applicable to far more than just Ajax usage.
I think most of the problem comes down to the title of the book. After all, that's what attracts you to pull it off the shelf and take a look. If the title were more generic, like Securing Web Applications or Web Environment Security, I'd feel that I was getting the content that the author "promised" in the title. But using Ajax in the title appeared to be an attempt to use a hot buzzword for a book that was more general than that.