Secure Development for Mobile Apps

by J. D. Glaser
October 2014
Content level: Intermediate to advanced
472 pages
10h 44m
English
Auerbach Publications
Content preview from Secure Development for Mobile Apps
18
Secure JSON Requests
Building Secure JSON Responses
Securing JSON responses from hijacking on the server has two main requirements
that need to be met as part of application architecture. These are:
Ensure a properly formatted JSON object
Use POST to retrieve sensitive data via JSON
Another way to put this is:
Never return JSON arrays
Never use GET requests for sensitive data
A properly formed JSON object is not executable by JavaScript. A JSON array is
executable by JavaScript. Using POST only to return JSON objects prevents remote
scripts from obtaining private data via a GET request and authentication cookie.
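The two rules above, as an added example that is not code from the book: a hypothetical `buildSensitiveJsonResponse` helper refuses non-POST methods and wraps arrays in an object, and `parsesAsScript` checks whether a response body would compile as JavaScript source. The function names, the `data` envelope key and the sample records are assumptions made for illustration.

```javascript
// Added example: helper names and sample data are constructed, not from the book.

// True if `text` compiles as JavaScript source. new Function() only parses
// the body here; the resulting function is never called.
function parsesAsScript(text) {
  try {
    new Function(text);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Build the response for a sensitive JSON endpoint following both rules:
// POST only, and the top-level value is always a JSON object.
function buildSensitiveJsonResponse(method, payload) {
  if (method !== 'POST') {
    // GET (and anything else) never reaches the data.
    return { status: 405, headers: { Allow: 'POST' }, body: '' };
  }
  const isPlainObject =
    payload !== null && typeof payload === 'object' && !Array.isArray(payload);
  // Arrays and bare values are wrapped so the top level is an object.
  // (An empty object serializes to "{}", which parses as an empty block
  // but carries no data.)
  const envelope = isPlainObject ? payload : { data: payload };
  return {
    status: 200,
    headers: { 'Content-Type': 'application/json; charset=utf-8' },
    body: JSON.stringify(envelope),
  };
}

// Constructed sample records.
const accounts = [{ id: 1, balance: 250 }, { id: 2, balance: 90 }];
const bareArray = JSON.stringify(accounts);
const safe = buildSensitiveJsonResponse('POST', accounts);

console.log('bare array parses as script:', parsesAsScript(bareArray));
console.log('wrapped object parses as script:', parsesAsScript(safe.body));
console.log('GET status:', buildSensitiveJsonResponse('GET', accounts).status);
```

Running `parsesAsScript` over recorded response bodies in an API test suite flags any endpoint that still returns a top-level array.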
The Anti-Pattern for Insecure JSON Implementations would be an architecture
that has the following elements in place. CSR

Publisher Resources

ISBN: 9781482209037