November 14, 2008

Hacking Web 2.0 Exposed

Friendster, Facebook, YouTube, and MySpace: these are just a few of the Web 2.0 sites that we see sprouting up every day on the Net. If you own or manage a Web 2.0 asset, you need to be aware of the latest wave of cybercrime threatening the very existence of your site. With knowledge comes the ability to protect one's site from these attacks. The book Hacking Exposed Web 2.0 shows you how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services. It also reveals detailed countermeasures, expert tactics, and defense techniques from Internet security professionals, which include avoiding injection and buffer overflow attacks, fixing browser and plug-in flaws, and securing AJAX, Flash, and XML-driven applications. There are also numerous real-world case studies illustrating the weaknesses of social networking sites, methods employed in cross-site attacks, vulnerabilities during migration, and shortcomings of IE7.

The book addresses the most common threats and issues of any Web 2.0 asset:
    * Using the proven Hacking Exposed way, plug security holes in Web 2.0 implementations
    * Understand how hackers choose their targets and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
    * Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
    * Protect against XXE, directory traversal, and buffer overflow exploits
    * Learn the XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
    * Understand and fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
    * Reinforce ASP and .NET security by using input validators and XML classes
    * Remove unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
    * Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
    * Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks

Logical Security shares a sample chapter of the book "Hacking Exposed Web 2.0" at http://www.logicalsecurity.com/resources/resources_bookchapters.html to give you a glimpse of the expert knowledge you will get from it to protect your Web 2.0 implementations.
