Ajax Security Overview: Problems and Solutions
We've just posted a new article for developers on how to use Ajax without introducing a host of vulnerabilities. Starting from the fundamental premise that we can't trust the client, the article describes three techniques for improving the security of Ajax applications. Here is an excerpt:
Ajax has become a de facto standard for Web user interface development. Developers using a wide array of tools, from Java Server Pages (JSP) and Java Server Faces (JSF) to Ruby on Rails and PHP, are producing applications with more desktop-application-like features because of Ajax. This is a boon for usability, but at the cost of increased security risks. The fundamental problem is not that Ajax introduces new security risks (Ajax is a combination of HTML, XML and JavaScript) but that it allows us to increase application exposure to existing risks. This does not have to be the case. If one class of tools can help us introduce vulnerabilities into our applications, another set can help us find them and yet another can help us keep them out. This article will briefly describe some of the more common vulnerabilities and risks associated with applications using Ajax and then describe methods for reducing those vulnerabilities and mitigating the associated risks.
The full article is available here.