Re: [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
- From: "Dean H. Saxe" <dean@xxxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
- Date: Tue, 14 Aug 2007 09:26:52 -0400
Reading this thread I picked up a copy of the Securing AJAX
Applications book by Christopher Wells. Too bad it only briefly
touched on anything specific to AJAX. Honestly this was the first
O'Reilly book I have ever regretted purchasing since it has very
little useful information that is related directly to its title. If
you want a high level, generic view of web app security, this might
fit the bill...
-dhs
Dean H. Saxe, CISSP, CEH
dean@fullfrontalnerdity.com
"To announce that there must be no criticism of the president, or
that we are to stand by the president right or wrong, is not only
unpatriotic and servile, but is morally treasonable to the American
public."
-- Theodore Roosevelt
On Aug 11, 2007, at 11:17 PM, Billy Hoffman wrote:
> Andre,
>
> I will be putting up the slides on SPI's website very soon (we are
> all a little business with post black hat stuff and the HP merger).
> I'll forward the slides to you directly as well as a copy of the
> free chapter.
>
> Thanks for the interest, it's going to be an awesome book,
> Billy Hoffman
> --
> Lead Researcher, SPI Labs
> Phone: 678-781-4800
> Direct: 678-781-4845
>
> -----Original Message-----
> From: andreg@gmail.com on behalf of Andre Gironda
> Sent: Fri 8/10/2007 7:59 PM
> To: websecurity@webappsec.org
> Subject: [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
>
> When searching for "Securing Ajax Applications", I came across this
> link:
>
> http://money.cnn.com/news/newsfeeds/articles/prnewswire/CLM00730072007-1.htm
>
> What I was really looking for was this - http://isbn.nu/9780596529314
>
> But after reading both, I'm convinced that Christopher Wells, Billy
> Hoffman, and Bryan Sullivan really know their stuff and explain all of
> the concepts rather well.
>
> Did anyone get a free print copy of the sample chapter from "Ajax
> Security" after the `Premature Ajax-ulation' talk? I'd be interested
> to hear which chapter they included. I'm also having a hard time
> finding the slides for that presentation. Will someone please point
> me in the right direction?
>
> Cheers,
> dre