How to Make Ajax Secure
Filed in archive AJAX by gautam on September 18, 2006
We all know how popular Ajax is getting, and with its increasing popularity it will certainly attract undue attention. Security issues will crop up as hackers try to exploit it. Ajax applications execute on the user's machine and exchange only a small amount of data with the server, so the entire web page does not have to be reloaded. This makes your page more responsive. Ajax uses JavaScript's XMLHttpRequest object, which can be set to operate behind the scenes asynchronously, triggered by a timer or by user keystrokes. This implies that JavaScript code on a web page could connect to web servers independently of the user and pull in cross-domain content.

There is a chance that Ajax could be exploited: most web applications comply with a same-origin policy that compels them to connect only to the server which delivered the base page, but this is not applicable to Ajax scripts. There is always a fear of malicious scripts stealing data stored in cookies or directly accessing the originating server. For example, cross-site scripting vulnerabilities could be easily exploited.

Michael Cobb has stated five steps for thwarting these threats:

1. The key coding discipline of never trusting the client still applies, so any security controls should be implemented on the server and never controlled by the user.

2. Initially, keep the application straightforward. Reducing and simplifying any Ajax calls makes it easier to evaluate all possible types of requests that can be generated by a page or application during security testing.

3. Document and explain how the application communicates with the server and handles the responses it receives. Cover such issues as SSL connections for sensitive information.

4. Complete security testing prior to moving the application online, with special emphasis placed on checking for access control and input validation flaws.

5. Visit the Web Application Security Project for help with developing secure Ajax applications.
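As an added illustration of steps 1 and 4 (this is not code from the original post), the following framework-free JavaScript handler for an assumed profile-update Ajax endpoint takes identity and authorization from a server-side session, rejects any client-supplied role fields, and validates the JSON body against an allow-list. The session store, field names, limits and patterns are all assumptions made for the example.

```javascript
// Added example: server-side handling of an Ajax request that never trusts
// the client. Everything here (sessions, fields, limits) is constructed.

const MAX_BODY_BYTES = 4096;

// Per-field validators: only these keys are accepted, and each value must
// match a tight pattern, so markup such as "<script>" is rejected outright.
const FIELD_RULES = {
  displayName: v => typeof v === 'string' && /^[\w .'-]{1,64}$/.test(v),
  timezone:    v => typeof v === 'string' && /^[A-Za-z_]+\/[A-Za-z_]+$/.test(v),
};

// Constructed server-side session store: the caller's identity and role
// come from here, never from anything the browser puts in the request.
const SESSIONS = {
  'sess-alice': { userId: 'alice', role: 'user' },
  'sess-root':  { userId: 'root',  role: 'admin' },
};

// Returns { status, body } the way an HTTP layer would serialise it.
function handleUpdateProfile(sessionId, targetUserId, rawBody) {
  const session = SESSIONS[sessionId];
  if (!session) return { status: 401, body: { error: 'not authenticated' } };

  // Access control decided on the server from the session, not from a
  // client-supplied "role" or "isAdmin" field.
  if (session.userId !== targetUserId && session.role !== 'admin') {
    return { status: 403, body: { error: 'forbidden' } };
  }

  if (typeof rawBody !== 'string' || rawBody.length > MAX_BODY_BYTES) {
    return { status: 413, body: { error: 'body too large or not text' } };
  }
  let data;
  try { data = JSON.parse(rawBody); }
  catch (e) { return { status: 400, body: { error: 'malformed JSON' } }; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { status: 400, body: { error: 'expected a JSON object' } };
  }

  // Allow-list validation: unknown keys fail the request instead of being
  // silently written, so extra fields cannot be smuggled into the update.
  const update = {};
  for (const [key, value] of Object.entries(data)) {
    const rule = FIELD_RULES[key];
    if (!rule) return { status: 400, body: { error: `unexpected field: ${key}` } };
    if (!rule(value)) return { status: 400, body: { error: `invalid value for ${key}` } };
    update[key] = value;
  }
  if (Object.keys(update).length === 0) return { status: 400, body: { error: 'nothing to update' } };
  return { status: 200, body: { updated: update, by: session.userId } };
}
```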
