[WEB SECURITY] "AJAX breathes new life into Web apps"

Nathan Tobik nathan.tobik at vigilantminds.com
Tue May 24 15:32:32 EDT 2005


I've read a bit about AJAX and it's a pretty cool technology.  What I'm
wondering is what are the security implications of using this within web
apps?  

Specifically I am thinking that since the pages use JavaScript what
could happen if a user were to use something like GreaseMonkey
(http://greasemonkey.mozdev.org/) in Firefox or something similar.  Does
Ajax open a server up to client side attacks with Javascript? 

OTOH is anyone using AJAX to enhance the security of their web apps?

Nate Tobik
(412)661-5700 x206
VigilantMinds

<snip>...
Subject: [WEB SECURITY] "AJAX breathes new life into Web apps"

An intro to AJAX article got posted to slashdot today
http://www.infoworld.com/article/05/05/23/21FEwebapp_1.html 

<...>

AJAX is the newly minted acronym encompassing a fresh vision of
empowered browsers: Asynchronous JavaScript and XML. Before AJAX, Web
pages displayed links, forms, and buttons. When a user clicked on a link
or a button, the browser sent a message to a distant server asking what
to display next. JavaScript would typically be used for nothing more
than to check form inputs. Web pages were as static as pages in a book.
" - Infoworld

</snip>

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list