Web 2.0 Security: Defending Ajax, RIA, and SOA [With CDROM]

Buy this book if you want to have decent information on tools to use for testing and defending your applications against various Web 2.0 security-related vulnerabilities. I deducted one star because I felt that some parts of the book were redundant and some concepts were not explained well, but overall I am quite happy with this book!

Are you a security- professional or developer? If you are, this book is for you! Author Shreeraj Shah, has done an outstanding job of writing a great book that explores Web 2.0 hacking methods. Shah, begins by covering real life Web 2.0 applications that offer a better perspective on the overall infrastructure. Next, the author focuses on the overall Web 2.0 changes and their impact on security. Then, he discusses Web services footprinting and identifies access points for SOA as well as an understanding of application discovery and profiling to identify internal Web 2.0 resources. The author continues by discussing the XSS attack vector and its security implications for Web 2.0 applications. In addition, the author explores the security concerns growing around RSS, mashup, and widgets. He also provides an overview of SOA and the security concerns associated with it. Next, the author takes a look at ModSecurity for Apache and IhttpModule for the .NET framework, as well as some tricks with which you can identify Ajax-based requests and act upon them on the server side. Finally, he covers some interesting tools, techniques, references, and cheat sheets. This most excellent book addresses several critical aspects of Web 2.0 security/. What's most important though, is that this book addresses in detail both tactical attack vectors and defense strategies, while focussing on web 2.0.