The first time you sign into developerWorks, a profile is created for you. Select information in your profile (name, country/region, and company) is displayed to the public and will accompany any content you post. You may update your IBM account at any time.

All information submitted is secure.

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerworks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

All information submitted is secure.

My developerWorks:

My notifications:

Sign out

Select a language:

Improve web application security with jQuery Mobile

Learn how to secure your mobile applications

John Leitch, Application Security Consultant, Freelance

John Leitch is an independent application security consultant living in Grand Rapids, Michigan. Working primarily with web applications, he specializes in fuzz testing, dynamic analysis, and code review. Always on the hunt for bugs, he frequently releases vulnerability advisories.

Summary: Many web developers consider security a low priority. Security is frequently relegated to the end of the software development life cycle, as little more than an afterthought. Sometimes, software security is neglected entirely, resulting in applications rife with common vulnerabilities. Because such bugs might manifest only under conditions present during an attack, they can be hard to detect prior to such events without knowledge of how the exploitation process works. Using a web application built with jQuery Mobile, PHP, and MySQL, this tutorial shows how many types of vulnerabilities occur along with common methods of exploitation and, most importantly, their respective countermeasures.

Date: 03 May 2011
Level: Intermediate
PDF: A4 and Letter (462 KB | 29 pages)Get Adobe® Reader®

Activity: 65176 views
Comments:

Resources

Learn

Working with jQuery (Michael Abernethy, developerWorks, September 2008): Get to know jQuery and learn to implement it in your own web application projects in this good introduction to the JavaScript framework.
Introduction to jQuery Mobile (C. Enrique Ortiz, developerWorks, February 2011): Find more information on developing with jQuery Mobile.
Locking down your PHP applications (Thomas Myer, developerWorks, May 2006): Learn more about securing PHP applications and guard against the most common security threats: SQL injections, the manipulation of the GET and POST variables, buffer overflow attacks, cross-site scripting attacks, data manipulation inside the browser, and remote form posting.
Seven habits for writing secure PHP applications (Nathan Good, developerWorks, September 2008): Increase the security of your Web application with another good article on tightening PHP application security.
Overcome security threats for Ajax applications (Sachiko Yoshihama, Frederik De Keukelaere, Michael Steiner, Naohiko Uramoto; developerWorks, June 2007): Learn more about client-side attacks and how to avoid some of the most common attacks.
Packet Storm: Explore an excellent source for exploits, advisories, and tools both old and new.
The Web Application Hacker's Handbook (Dafydd Stuttard and Marcus Pinto, Wiley, October 2007): Get a broader view of web application security in this practical guide to finding and exploiting security flaws.
The Open Web Application Security Project (OWASP): Find a lot of relevant information and tools for improving the security of application software.
Common Vulnerabilities and Exposures (CVE): Explore a good source for information on publicly known information security vulnerabilities and exposures.
The Open Source Vulnerability Database: Peruse another source of public vulnerability information similar to CVE.
jQuery Mobile: Visit the home page for a unified user interface system across all popular mobile device platforms, built on the rock-solid jQuery and jQuery UI foundation.
jQuery Mobile: Demos and Documentation: Access articles, APIs, and demo code for this touch-optimized web framework for smartphones and tablets.
jQuery.org: Visit the home page of the jQuery open source team.
Mobile Design and Development (Brian Fling, O'Reilly Media, August 2009): Explore practical guidelines, standards, techniques, and best practices for building mobile products.
XML area on developerWorks: Get the resources you need to advance your skills in the XML arena.
developerWorks Open source zone: Find extensive how-to information, tools, and project updates to help you develop with open source technologies and use them with IBM's products, as well as our most popular articles and tutorials.
IBM XML certification: Find out how you can become an IBM-Certified Developer in XML and related technologies.
XML technical library: See the developerWorks XML Zone for a wide range of technical articles and tips, tutorials, standards, and IBM Redbooks. Also, read more XML tips.
developerWorks technical events and webcasts: Stay current with technology in these sessions.
developerWorks on Twitter: Join today to follow developerWorks tweets.
developerWorks podcasts: Listen to interesting interviews and discussions for software developers.
developerWorks on-demand demos: Watch demos ranging from product installation and setup for beginners to advanced functionality for experienced developers.

Get products and technologies

The jQuery Mobile CDN: Get jQuery Mobile quickly with already minified and compressed versions of jQuery Mobile.
MAMP: Mac - Apache - MySQL - PHP: Get and install a Mac-based Apache, MySQL, & PHP environment local server environment.
XAMPP: Get a very easy-to-install Apache Distribution for Linux®, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
Fiddler: Download and try a web debugging proxy that logs all HTTP(S) traffic between your computer and the Internet.
IBM product evaluation versions: Download or explore the online trials in the IBM SOA Sandbox and get your hands on application development tools and middleware products from DB2®, Lotus®, Rational®, Tivoli®, and WebSphere®.

Discuss

The jQuery Mobile Forum: Get all of you jQuery Mobile questions answered.
XML zone discussion forums: Participate in any of several XML-related discussions.
The developerWorks community: Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.