Security
Judith Myerson of IBM recently wrote about tools that can be used to improve the security of Ajax-based applications. We all know that Ajax is a really nice web development technique, but it comes with a security flaw that could be exploited by hackers at any time.
Here are the tools recommended by Myerson so that you can easily build an Ajax-based application with great security features:
aSSL (Ajax Secured Service Layer) – This tool can be integrated into an Ajax-based application to implement SSL. However, it does not go through the usual HTTPS because Ajax does not have that URL functionality. aSSL works by enabling the client to set up a 128-bit key. It uses the RSA algorithm to establish the connection, and once the connection is complete, it uses the AES algorithm to secure the exchange of information. This tool is ideally suited to chats or anything that does not need strong protection. Unfortunately, it does not issue any security certification, but security is assured in simple applications.
HTMLProtector – This tool is very useful for finding out which parts of your website are the most vulnerable. HTMLProtector checks all the sites and their functions that run through your server, and once it is done, it identifies which functions are the most vulnerable. The greatest advantage of this application is that it prevents the source code from being displayed. It can also monitor bots that try to get through some processes to gain information, and even prevent auto-downloads by users and bots.
AWVS (Acunetix Web Vulnerability Scanner) Free Edition – This free application is one of the best innovations in helping developers address the biggest threat in Ajax-based applications: cross-site scripting. It scans your application and looks for vulnerabilities as well as suspicious attacks on your Ajax-based application. It also helps developers prevent SQL attacks so that their database is secured at all times. What is even more impressive is that this tool gives you access to Google’s own information on database hacking. This helps prevent your site from being attacked using search engine hacks.
AjaxDNS Tools – Look for these tools online, as they are very light yet very helpful tools for your Ajax-based application. Basically, they give you more information on who is trying to access your website by using whois and ping, and by comparing that site to the RBL (reputation and block lists).
Despoof – A very powerful tool that needs a little bit of familiarity, but once you’re ready to use it, you will protect your site against most attacks on your Ajax-based application. Despoof identifies spoofed packets that try to access your Ajax-based application. It compares the spoofed packet to the real packet by using the Time-to-Live (TTL) data of your Ajax-based application. Since a spoofed packet cannot replicate the TTL, it will never be able to access your Ajax-based application using this type of attack.
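
The TTL comparison described for Despoof can be sketched as follows. This is an added example, not Despoof's own code. It assumes the common initial TTL values 32, 64, 128 and 255 and a hypothetical tolerance of 2 hops, and every address and TTL value in it is constructed sample data.

```python
# Added example: TTL consistency check in the style described for Despoof.
# Function names, the tolerance and all sample values are assumptions.

COMMON_INITIAL_TTLS = (32, 64, 128, 255)  # typical operating system defaults


def hops_from_ttl(observed_ttl):
    """Estimate hops travelled: smallest common initial TTL >= observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


def looks_spoofed(suspect_ttl, probe_ttl, tolerance=2):
    """Compare hop counts rather than raw TTLs, because a host may use
    different initial TTLs for different protocols. The tolerance absorbs
    small route changes between the suspect packet and the probe reply."""
    return abs(hops_from_ttl(suspect_ttl) - hops_from_ttl(probe_ttl)) > tolerance


def classify(observations):
    """observations: (claimed_source, suspect_ttl, probe_ttl or None)."""
    results = {}
    for src, suspect_ttl, probe_ttl in observations:
        if probe_ttl is None:
            results[src] = "unknown"      # claimed source did not answer the probe
        elif looks_spoofed(suspect_ttl, probe_ttl):
            results[src] = "suspect"
        else:
            results[src] = "consistent"
    return results


# Constructed observations using documentation address ranges.
SAMPLE = [
    ("192.0.2.10", 52, 52),      # 12 hops for both packet and probe reply
    ("192.0.2.20", 116, 52),     # 128-12 vs 64-12: same distance
    ("198.51.100.7", 61, 45),    # 3 hops vs 19 hops: does not match
    ("203.0.113.5", 240, None),  # no probe reply, nothing to compare
]

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE).items():
        print(src, verdict)
```

A "suspect" verdict is a signal to log or rate-limit and investigate further, since route changes and intermediate devices can also shift the observed TTL.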