Secure ASP.NET AJAX Development (Digital Short Cut)


This is the eBook version of the printed book. Many organizations are diving headfirst into AJAX technologies to make their Web applications richer and more user friendly, but they often do not realize the security implications of the AJAX approach. Microsoft's ASP.NET AJAX technologies, commonly known by the codename "Atlas," and other AJAX frameworks are changing the way Web applications look and are developed, but Web developers are often unaware of the security risks they are introducing into their applications with these emerging technologies. AJAX fundamentally changes the user experience and server interaction in Web applications, so developers may be taking otherwise secure applications and opening up new angles of attack for hackers.

This short cut outlines the increased security risk inherent with AJAX technologies and addresses how developers can use Microsoft's ASP.NET AJAX to implement secure AJAX applications. After discussing Web application security pitfalls that are common in AJAX development, given its focus on increased client processing and more frequent access to Web services and databases, the author focuses on a few key security principles for AJAX developers--demystifying AJAX security and teaching how to develop secure AJAX applications using ASP.NET AJAX Extensions. The short cut concludes with a walkthrough of security testing best practices that will help effectively uncover security problems in AJAX applications during development and testing.

What This Short Cut Covers
Section 1: AJAX, ASP.NET, and Atlas
Section 2: AJAX Security Pitfalls
Section 3: Securing ASP.NET AJAX
Section 4: ASP.NET AJAX Security Testing
About the Author

The browser evaluates the JSON-formatted JavaScript callback, which results in a cross-domain call to a Web service ... the JavaScript dynamically adds a script tag to the page, which results in the execution of the JSON Web service call across domains. ...
The bridge technology is not committed for full support in ASP.

Title: Secure ASP.NET AJAX Development (Digital Short Cut)
Author: Jason Schmitt
Publisher: Pearson Education - 2006-11-17

