The Network Security. Org


Top 10 Ajax Security Holes and Driving Factors

November 14th, 2006


One of the central ingredients of Web 2.0 applications is Ajax, built on JavaScript. This phase of evolution has transformed the Web into a superplatform. Not surprisingly, this transformation has also given rise to a new breed of worms and viruses such as Yamanner, Samy and Spaceflash. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the last few months. These vulnerabilities can be leveraged by attackers to perform Phishing, Cross-site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation.

There is no inherent security weakness in Ajax, but adoption of this technology vector has changed the Web application development approach and methodology significantly. Data and object serialization was very difficult in the old days, when DCOM and CORBA formed the core middleware tier. Ajax can consume XML, HTML, JS Arrays, JSON, JS Objects and other customized objects using simple GET, POST or SOAP calls, all without invoking any middleware tier. This integration has brought about a relatively seamless data exchange between an application server and a browser. Information coming from the server is injected into the current DOM context dynamically, and the state of the browser's DOM gets recharged. Before we take a look at security holes, let's examine the key factors that seem to be driving Web 2.0 vulnerabilities.

Source: HNS - Top 10 Ajax Security Holes and Driving Factors
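The paragraph above describes the mechanism behind most of the holes the article goes on to list: the browser takes whatever the server (or anything that can speak for the server) returns and folds it straight into the page's DOM and script context. The following is an added example, not code from the original article, showing the two handling decisions that decide whether that is safe: how the response body is parsed, and how the resulting data is placed into the DOM. The response strings and the `sideEffects` marker are constructed for the demo; a real handler would receive the text from `XMLHttpRequest` or `fetch`.

```javascript
// Added example (not from the original article). Contrasts an early-Ajax
// response handler that treats the body as JavaScript with one that treats
// it strictly as data, plus the escaping needed before data reaches innerHTML.

// Unsafe pattern common in early Ajax code: evaluating the response body.
// Whatever arrives is executed in the page's context, so a response that
// has been tampered with (or a JSON field that carries script) runs as code.
function parseResponseUnsafe(text) {
  return eval("(" + text + ")"); // executes code, not just data
}

// Safe pattern: strict JSON parsing. JSON.parse accepts only JSON literals,
// so code smuggled into the response raises a SyntaxError instead of running.
function parseResponseSafe(text) {
  return JSON.parse(text);
}

// Escape the characters that matter when data is written via innerHTML.
// Prefer textContent / createTextNode when the target is plain text; use this
// only when markup must be assembled from untrusted strings.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample responses. The second one is valid JavaScript but not
// valid JSON: its "status" value is an expression with a side effect.
const sideEffects = []; // constructed marker: records whether response code ran
const goodResponse = '{"user":"alice","status":"<b>online</b>"}';
const hostileResponse =
  '{"user":"alice","status":(sideEffects.push("ran"), "online")}';

// Runs both handlers over both responses and reports what happened.
function demo() {
  const safe = parseResponseSafe(goodResponse);

  let rejected = false;
  try {
    parseResponseSafe(hostileResponse);
  } catch (e) {
    rejected = e instanceof SyntaxError; // strict parser refuses the payload
  }

  parseResponseUnsafe(hostileResponse); // eval-based handler runs the expression

  return {
    status: safe.status,                  // raw data, still contains markup
    escaped: escapeHtml(safe.status),     // what should reach innerHTML
    rejected,                             // true: JSON.parse threw
    sideEffectsRan: sideEffects.length,   // 1: eval executed response code
  };
}
```

The point for a defender reviewing Ajax code is that both decisions are made on the client: a server that returns clean JSON does not help if the handler still calls `eval`, and a strict parser does not help if the parsed strings are then concatenated into `innerHTML` unescaped.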
