Summary and Info
This book should be required reading for anyone who is developing, working with, or even managing a web application. The application doesn't even have to use Ajax. Most of the concepts in this book are security practices for non-Ajax applications that have been extended and applied to Ajax; not the other way around. For example, SQL injection attacks can exist whether an application uses Ajax or not, but Ajax provides an attacker other "entry points" to try to attack your application. Each service, method, and parameter is considered an entry point.
After reading this book, I am finding myself correcting security errors I am only know finding in my projects. Some corrections I've made concern JSON, the GET vs. POST issue, and others. With the corrections made, I feel that my applications are a lot safer. This book helped make that happen.