Press Room

Press Release: July 6, 2007

Securing Ajax Applications--New from O'Reilly: Checks and Balances for Greater Security

Sebastopol, CA--"Deciding to add security to a web application is like deciding whether to wear clothes in the morning," writes security expert Christopher Wells. "Both decisions provide comfort and protection throughout the day, and in both cases the decisions are better made beforehand rather than later."

In his new book--Securing Ajax Applications (O'Reilly, $49.99)--Wells explains: "If your application is on the Internet, it is on the front lines of your network. It is like a door to the outside world that allows visitors to come in and check out whatever you have to offer. Your application needs to be secure and you need to be aware of the dangers an application can open to your network."

That's why Wells aims to teach web developers and programmers how to make vital security decisions before problems arise. Throughout his new book, Wells systematically explores methods for maintaining web application security in today's open and creative Web 2.0 environment, and he details how to locate gaps and plug vulnerabilities before attackers take advantage of them.

Securing Ajax Applications covers basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies. Wells also clearly and succinctly explains how the same back-and-forth communication that makes Ajax so responsive gives invaders new opportunities to gather data, make creative new requests of a server, and interfere with exchanges between websites and their visitors. This timely resource teaches developers how to build secure Ajax applications.

Topics include:

  • An overview of the evolving web platform, including APIs, feeds, web services, and asynchronous messaging
  • Web security basics, including common vulnerabilities, common cures, state management, and session management
  • How to secure web technologies, such as Ajax, JavaScript, Java applets, ActiveX controls, plug-ins, Flash, and Flex
  • How to protect your server, including front-line defense, dealing with application servers, PHP, and scripting
  • Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
  • How to secure web services, build secure APIs, and make open mashups secure

Wells convincingly demonstrates why web security isn't just for administrators and backend programmers. Indeed, web applications don't have security guards to protect them. And there is no enforcer to beat the living bytes out of would-be attackers. Today it's up to web developers everywhere to build security into their applications.

"For applications to succeed they must have our trust," Wells says. "Trust should be earned." Wells urges developers to use security as their distinction--and "Securing Ajax Applications" shows them how.

Christopher Wells has deployed security solutions for major healthcare, telecommunication, and financial industries, and is currently employed as an Information Security Consultant for a major financial institution. He is an accomplished applications security architect with over 10 years of application security experience. Christopher holds multiple security certifications including a Certified Information Security Systems Professional (CISSP).

More information about the book, including table of contents, index, author bio, and samples

Securing Ajax Applications: Ensuring the Safety of the Dynamic Web
Christopher Wells
ISBN: 0-596-52931-7, $44.99 USD
1-800-998-9938; 1-707-827-7000

About O'Reilly

For almost 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed. Our unique network of experts and innovators share their knowledge and expertise through the company’s Safari training and learning platform and at O’Reilly conferences. As a SaaS learning platform, Safari delivers highly topical and comprehensive technology and business learning solutions to millions of users across enterprise, consumer, and university channels. For more information visit

Press Contacts

Media Relations – Corporate & North America

Fama PR

Media Relations – Japan

Fumi Yamakawa
+81 3-3356-5227

Media Relations – United Kingdom

Helen Codling
+44 (0) 1252 721284