Sunday, November 30, 2008
Ajax Security by Billy Hoffman and Bryan Sullivan
I just finished reading Ajax Security by Billy Hoffman and Bryan Sullivan and wanted to write some of my thoughts about it in order to reflect my impression of the book.
The book is nicely organized and gives a very clear introduction to the concepts of web application security, including a list of the major vulnerabilities and attack vectors. After establishing these basics, it dives in with examples, details and tips to explain Ajax, its usage, its misuse and the security implications. The attack vectors are not only mentioned or explained in theory: each is given an example story as context and as a way to understand the attackers' motivation, and then the technical aspects are carefully detailed to form a clear picture of the problem, which prepares the reader to understand and accept the suggested "dos and don'ts".
I found the book to be more than just a source of information, something that will bring me up to speed with the field's jargon. I found it to be inspiring. I cannot wait for a similar book on browser plug-in security. I hope that the authors have something like that cooking already.
The book, as you might understand already, is highly recommended.
* I added this review of mine to the book's page on Amazon.com: ***** Very well written (Shlomo Yona)
at 6:46 AM