This is bad news. AJAX spawns more vulnerability to web applications by increasing and adding attack vectors. This is because of the extensive usage on client side scripting. Typical attack scenarios are imaginable:
- Method Discovery
- Parameter Tampering
- XSS (Cross-Site Scripting)
- XSRF (Cross-Site Request Forgery)
This is not just true for poor coding. Existing frameworks are prone to such security leaks too. And, such attacks don’t demand extensive geek-knowledge. A couple of reasons can be identified. The fact that JavaScript has no inherent security model might be the most important one. The asynchronous model increases the chance to guess and tamper parameters. Request that return JavaScript are especially vulnerable. In general, the increased complexity of client-side scripting makes it harder to avoid un-secure
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment