Ajax AJAX Security Tutorials - AJAXwith.com
27 Articles.
The ability of modern browsers to use asynchronous requests introduces a new class of attack vectors. In particular, an attacker can inject client-side code to totally subvert the communication flow between client and server. In fact, advanced features of Ajax frameworks build up a new transparent layer not controlled by the user. This paper will focus...
This app uses JavaScript and XMLHttpRequest. Your browser must have these enabled to try this out. I didn’t put in code that would check for incompatibility, sorry. See limitations section below for other shortcomings....
We are always emphasizing securing our websites, especially when they are Ajax-based. So many blogs have been written reminding developers of the weakness of Ajax because of its complexity. We’ve also written some tips ourselves to ensure the program you just created is as user-friendly as it is secure. But as time goes by newer hacks...
One of Ajax’s most important code functions is the XMLHttpRequest. Without this code it’s almost impossible for an Ajax-based program to run smoothly. Although we can find alternate coding for XMLHttpRequest, this code alone could save us hours of coding compared with doing it the other way. XMLHttpRequest could command JavaScript to POST, GET and...
In order to protect websites, it is essential to know how they are going to be attacked. One such awareness is to know how to cure the cross-site request forgery problem. Though website security may appear hyped, the type of attack that could be made possible justifies the security concerns. Today let us take a look at a very simple yet effective method...
Cross-Site Scripting, or XSS, is one of the popular methods for attacking not only Ajax-based websites but almost any other website that accepts user input. Even before Ajax was conceptualized, this attack was already practiced by different hackers. There was one hack that was used in 2005 wherein MySpace.com was targeted. It uses a simple JavaScript...
More and more Ajax developers are choosing JSON for their data transfer instead of XML. Although XML has been the pillar of Ajax (the X is for XML), JSON has become the choice of most developers because it was particularly built for JavaScript. Compared to XML, JSON is lighter and will work faster. This lightweight function enables Ajax...
In a simple HTML website, developers will always have the luxury of keeping sensitive information to themselves. When you log in to the admin page of the website, the information that you see is solely for those who have proper authorization. Without a username and password, hackers will have a really hard time figuring out how to access the information...
We have already laid out some of the loopholes that could be used by different hackers. In this article we will take a look at a very basic hack that could be done even by non-developers, and how to prevent it. Personally, the biggest problem for any Ajax-based developer is the transparency of the source code. To understand this let us take a look...
Even with all the flaws that we will find in an Ajax-based website, there are security measures that we could take to ensure security in our website. Before we go to different security measures, let us first note one of the biggest problems in an Ajax-based website and application: Source Code Availability. Some call it Overly Granular Server...
When browsers were conceptualized, the thought of applications running through the browser was expected. However, what was not expected was that the application actually has multiple sources, which is the usual setting of a mash-up. When we run a mash-up application, multiple sources are fired up, which increases the data output of the application. It...
Just recently, Judith Myerson of IBM wrote about the tools that could be used for advancing the security of the Ajax-based application. We all know that Ajax is a really nice web development technique, but it comes with a security flaw that could be exploited by hackers at any time. Here are the tools recommended by Myerson so that you can easily build...
JavaScript Hijacking has proved to be one of the most vicious attacks on any Ajax- and JavaScript-based website. This type of attack was demonstrated by Jeremiah Grossman, a security expert, who showed how to hijack Gmail. The scenario is very scary, but thankfully the security flaw was pointed out before any damage had been done to Gmail. But this is...
DNS pinning may be one of the oldest types of attack an Ajax-based application could experience. Unfortunately, this is also one of the most vicious types of attack for an Ajax-based application. This explains why, even after years of countering this problem directly related to JavaScript, this type of attack still exists and has evolved into something...
Security is always a top priority for any developer, and this reality is even highlighted when the application being developed is Ajax-based. It is already an established fact that an Ajax-based application could easily provide user-friendly applications without having to sacrifice too many resources on the gadget. Along with the user-friendly interface...
