Monday, 6 August 2007
Beware Of AJAX Security Risks |
| |
|
| |
Researchers speaking at the BlackHat USA conference have said that companies that have used Asynchronous JavaScript and XML (AJAX) to improve corporate web sites may be vulnerable to number of web-based threats.
AJAX allows a Web site to refresh content without reloading an entire page.
Billy Hoffman, lead research and development engineer at SPI Dynamics Inc said that many corporate Web developers are not paying attention to basic AJAX security issues.
Among the biggest threats, said Hoffman, is that poorly coded AJAX sites can provide hackers with an opening to change the order in which a program executes functions.
“Any secrets stored in JavaScript will be found and exploited,” Hoffman said. “This is a far easier mistake to make in an AJAX application than in a traditional Web application because the client plays a larger role in data processing, presentation and possibly storage.” |
| |
|
|
| |
|
|
| |
|
|
| |
|
