Skip to Main Content
Securing Ajax Applications
book

Securing Ajax Applications

by Christopher Wells
July 2007
Intermediate to advanced content levelIntermediate to advanced
256 pages
6h 19m
English
O'Reilly Media, Inc.
Content preview from Securing Ajax Applications

Application Server Hardening

Like web servers, application servers are flexible in their configuration. This flexibility allows them to be integrated into diverse environments. However, in many cases the out-of-the-box installation will not be hardened for Internet usage. Steps need to be taken to configure these servers so that they are secure. The following are some hardening guidelines for application servers.

Java and .NET

The following are hardening recommendations for all next generation web application servers, but particularly for Java and .NET servers.

Hardening guidelines

  1. Run all applications over SSL.

  2. Do no rely on client-side validation. Make input validation decisions on the server.

  3. Use the HttpOnly cookie option to help protect against cross-site scripting.

  4. Plan how authentication and access controls work before implementation.

  5. Employ role-base authorization checks for resources such as pages and directories.

  6. Divide the file structure of the site into public and restricted areas and provide proper authentication and access controls to restricted areas.

  7. Validate all input for type, length, and format. Employ positive validation and check for known acceptable data before filtering for bad data.

  8. Handle exceptions securely by not providing debug or infrastructure details as part of the exception.

  9. Use absolute URLs when sites contain secure and unsecure items.

  10. Ensure parameters used in SQL statements or data access codes are validated for length and type of data to help prevent ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Ajax Security

Ajax Security

Billy Hoffman, Bryan Sullivan
Firefox Hacks

Firefox Hacks

Nigel McFarlane

Publisher Resources

ISBN: 9780596529314Errata Page