AJAX Book Recommendation: "Ajax Security" by Hoffman and Sullivan
If you call yourself a professional web developer, you need this book
By: Brian J. Dillard
Feb. 2, 2008 06:00 AM
Page 2 of 2
Web aggregators and SSL
This is probably a great big "duh" to some developers, but web aggregators such as iGoogle and NetVibes often compromise the security of otherwise SSL-encrypted web applications when funneling content from them to your personalized homepage:
Offline applications and client-side validation
Security experts, including Hoffman and Sullivan, have long trumpeted the danger of relying on client-side input validation without parallel server-side validation. But with offline applications, they argue, client-side validation becomes absolutely necessary:
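To make the "necessary but not sufficient" point concrete, here is an added example in JavaScript; it is not code from the book or from the article. It assumes a hypothetical expense-tracking app: the same validator (validateExpense) runs in the browser so an offline user gets immediate feedback, and runs again on the server at sync time (syncToServer), because a queued record sitting in local storage can be edited before it is ever sent. The storage object and the tampering step are constructed for the demonstration.

```javascript
// Added example (not from the book or the article). Names such as
// validateExpense, OfflineQueue and syncToServer are hypothetical.

// One validator, shared by both sides. On the client it gives immediate
// feedback while offline; on the server it is the real control.
function validateExpense(record) {
  if (typeof record !== 'object' || record === null) {
    return ['record must be an object'];
  }
  const errors = [];
  if (typeof record.description !== 'string' ||
      record.description.length === 0 || record.description.length > 200) {
    errors.push('description must be 1-200 characters');
  }
  if (!Number.isInteger(record.cents) || record.cents < 0 || record.cents > 1000000) {
    errors.push('cents must be an integer between 0 and 1000000');
  }
  if (!/^[A-Z]{3}$/.test(String(record.currency))) {
    errors.push('currency must be a 3-letter uppercase code');
  }
  return errors;
}

// Client side: an offline queue backed by a plain storage object, a stand-in
// for localStorage or a local database. Invalid records never get queued,
// so the user learns about the problem while still offline.
class OfflineQueue {
  constructor(storage) {
    this.storage = storage;
    this.storage.items = this.storage.items || [];
  }
  enqueue(record) {
    const errors = validateExpense(record);
    if (errors.length > 0) return { queued: false, errors };
    this.storage.items.push(JSON.stringify(record));
    return { queued: true, errors: [] };
  }
  drain() {
    const items = this.storage.items.map((s) => JSON.parse(s));
    this.storage.items = [];
    return items;
  }
}

// Server side: re-validate every record at sync time. The client's earlier
// check says nothing about what is in the queue now.
function syncToServer(records) {
  const accepted = [];
  const rejected = [];
  for (const record of records) {
    const errors = validateExpense(record);
    (errors.length > 0 ? rejected : accepted).push({ record, errors });
  }
  return { accepted, rejected };
}

// Constructed scenario: one good record queued, one bad record refused
// locally, then the stored JSON is edited behind the validator's back.
function demo() {
  const storage = {};
  const queue = new OfflineQueue(storage);
  queue.enqueue({ description: 'Taxi', cents: 2500, currency: 'USD' });
  queue.enqueue({ description: '', cents: 10, currency: 'USD' }); // refused locally
  // Tampering with local storage directly, bypassing the UI and its validator
  storage.items[0] = JSON.stringify({ description: 'Taxi', cents: -2500, currency: 'USD' });
  return syncToServer(queue.drain());
}
```

Running demo() yields no accepted records and one rejected one: the client-side validator did its job for the user experience, and the server-side re-check is what actually kept the negative amount out.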
Ajax frameworks and function clobbering
When an attacker gains access to a web server and appends JavaScript code to a running Ajax application, it's much easier to inflict damage on apps that employ well-known JavaScript frameworks:
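The reason a well-known framework is an easier target is that its functions hang off a mutable global namespace, so any script that loads later can silently swap them. The added JavaScript example below (my own, not the book's or the article's code) uses a toy namespace in place of a real framework and shows two defensive measures: freezing the namespace once the page has finished configuring it, so that a later reassignment throws instead of succeeding, and keeping a snapshot of the original function identities so a sensitive code path can check for replacements. The names makeFramework, lockDown, snapshot, verifyIntegrity and injectReplacement are hypothetical, and the "replacement" only tags its output so the effect is visible.

```javascript
// Added example (not from the book or the article). The namespace returned
// by makeFramework stands in for a real library's global helper object.
function makeFramework() {
  return {
    serialize(obj) { return JSON.stringify(obj); },
    send(url, body) { return { url, body: this.serialize(body) }; },
  };
}

// Mitigation 1: freeze the namespace (recursively) after setup. A frozen
// object's properties cannot be reassigned; in strict code the attempt
// throws a TypeError rather than failing silently.
function lockDown(ns) {
  for (const key of Object.keys(ns)) {
    if (typeof ns[key] === 'object' && ns[key] !== null) lockDown(ns[key]);
  }
  return Object.freeze(ns);
}

// Mitigation 2 (detection): remember which function objects were installed
// at load time and compare identities before trusting the namespace.
function snapshot(ns) {
  const original = new Map();
  for (const key of Object.keys(ns)) {
    if (typeof ns[key] === 'function') original.set(key, ns[key]);
  }
  return original;
}
function verifyIntegrity(ns, original) {
  const clobbered = [];
  for (const [key, fn] of original) {
    if (ns[key] !== fn) clobbered.push(key);
  }
  return clobbered;
}

// Simulated late-loaded script that tries to replace serialize. The stand-in
// replacement is deliberately harmless: it only prefixes the output.
function injectReplacement(ns) {
  'use strict'; // strict mode so assignment to a frozen property throws
  try {
    ns.serialize = function (obj) { return 'CLOBBERED:' + JSON.stringify(obj); };
    return true;  // replacement succeeded
  } catch (e) {
    return false; // namespace was frozen; TypeError swallowed here
  }
}

// Unprotected namespace: the swap succeeds and every caller of send() is
// affected, but the snapshot check still reports the clobbered name.
function demoUnprotected() {
  const Ajax = makeFramework();
  const original = snapshot(Ajax);
  const replaced = injectReplacement(Ajax);
  return { replaced, body: Ajax.send('/api', { a: 1 }).body, clobbered: verifyIntegrity(Ajax, original) };
}

// Frozen namespace: the swap fails and the integrity check stays clean.
function demoProtected() {
  const Ajax = lockDown(makeFramework());
  const original = snapshot(Ajax);
  const replaced = injectReplacement(Ajax);
  return { replaced, body: Ajax.send('/api', { a: 1 }).body, clobbered: verifyIntegrity(Ajax, original) };
}
```

Freezing only helps if it happens after all legitimate extensions of the namespace have run, and it does not protect code that was injected before the freeze; the identity snapshot is the complementary check for that window, which is why both are shown together.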
The book itself, of course, documents dozens more specific security vulnerabilities - as well as best practices for protecting your application against them. As my effusive praise should have made clear by now, I can't recommend "Ajax Security" highly enough. It's available from Amazon and Safari Books Online.
Article contents adapted from entries in the Agile Ajax blog. Copyright © 2008 Pathfinder Development.
All-New at AJAXWorld 2008 East at The Roosevelt Hotel in midtown Manhattan!
Being held for the first time on March 18, 2008 at the historic Roosevelt Hotel in New York City, AJAXWorld Security Bootcamp is a compelling, intensive, one-day, hands-on training program that will teach Web developers, Web designers, and other Web professionals how to build secure AJAX applications and demonstrate what the best practices are to mitigate security problems in AJAX apps. It is led by one of the world's foremost AJAX security experts and popular teachers, Billy Hoffman.
When: Monday, March 18, 2008: 8:30AM-5:30PM
Where: The Roosevelt Hotel on 45th and Madison, New York City
Who: AJAX Security Bootcamp is led by Billy Hoffman, a lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard on 01 August 2007. At SPI Dynamics, he focuses on automated discovery of Web application vulnerabilities and crawling technologies. He has been a guest speaker at Black Hat Federal, Toorcon, Shmoocon, O'Reilly's Emerging Technology Conference, The 5th Hope, and several other conferences. His work has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. In addition, Billy is a reviewer of white papers for the Web Application Security Consortium (WASC), and is a creator of Stripe Snoop, a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripes. He also spends his time contributing to OSS projects and writes articles under the handle Acidus. Billy was a featured speaker at AJAXWorld Conference & Expo 2007 West.
Join Billy and your fellow Bootcamp delegates at the AJAXWorld Security Bootcamp on March 18. We'll see you in New York City...