Friday January 12, 2007
Ajax and Web 2.0 vulnerabilities
As the new world order is forming around AJAX and the (terribly overloaded term) Web 2.0, a lot of new pain points are surfacing or being amplified. As adoption becomes more widespread and the applications move out of research labs into serious use, the motivation to address these new challenges increases.
One of these is the security of AJAX and Web 2.0. There is a lot of basic information out there, but is it enough to just give that a glance? Ignorance is only bliss until it bites you.
I personally found that looking at what you're doing purely from a vulnerabilities perspective is an incredible eye opener, and I invite you to take that journey as well. This is the link to a very well written and detailed view into this world of security:
Attacking AJAX Web Applications
It doesn't stop at just covering the basics of attacks at different levels (such as JSON, XML, JavaScript, XMLHttpRequest, XSS, etc.); it then applies these to an analysis of some popular frameworks, including DWR, GWT and Atlas.
Tags: ajax web2.0 security vulnerabilities XMLHttpRequest JSON JavaScript XSS attack application
Posted at 01:32AM Jan 12, 2007 by Andreas Egloff in Software Architecture
Andreas Egloff is the Lead Architect for SOA / Business Integration at Sun Microsystems, Inc.
This is a personal weblog, I do not speak for my employer.