AJAX security basics

AJAX security is no different than normal web application security, except that it can add lots of complexity to a site and make black-box auditing much more difficult.

-----Original Message-----
From: Andrew van der Stock [mailto:[email protected]]
Sent: Tuesday, June 20, 2006 4:43 AM
To: Webappsec ((((E-mail))))
Subject: Fwd: SF new article announcement: Ajax security basics

This was posted to SecurityFocus.com yesterday.

Their article is eerily similar to my Ajax presentation from February
(particularly if you've seen me give the presentation), and even more
similar to the draft Ajax chapter I wrote shortly after for the OWASP
Guide (now posted to our Wiki - http://www.owasp.org/index.php/
Ajax_and_Other_%22Rich%22_Interface_Technologies). Hmmmm. As the saying
goes, this is the best form of flattery. I suppose.

If you haven't had a chance to read up on Ajax security, their article
is a start... as is my presentation (http://www.greebo.net/?
page_id=329) and the draft chapter in the OWASP Guide 3.0 current.

thanks,
Andrew

Begin forwarded message:

> > Ajax security basics
> > By Jaswinder S. Hayre, and Jayasankar Kelath
> > 2006-06-19
> >
> > The purpose of this article is to introduce some of the security
> > implications with modern Ajax web technologies. Though Ajax
> > applications can be more difficult to test, security professionals
> > already have most of relevant approaches and tools needed.
> >
> > http://www.securityfocus.com/infocus/1868