Ajax Security
Restricting Access to your AJAX Services
If you are not careful with the design of your services, JSONP techniques could be used to hijack your services.

MySpace, YouTube successes open door to Web 2.0 dangers
Ajax is not that new and it hasn't introduced new vulnerabilities, just variations of old ones. The problem is that Ajax applications tend to be very complex. There are many more interactions between the browser and server, and pages can even pull in...

Top 10 Web 2.0 Attack Vectors
This technological transformation is bringing new security concerns and attack vectors into existence. Yamanner, Samy and Spaceflash type worms are exploiting "client-side" AJAX frameworks, providing new avenues of attack and compromising some of...

aSSL Ajax Secure Service Layer
aSSL enables the client to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once the connection has been established, the data will be sent and received using the AES algorithm.

Restricting Access to your AJAX Services
Services like the XmlHttpProxy for Java are designed to return JavaScript that is evaluated on the client. Unfortunately, if you are not careful with the design of your services, JSONP techniques could be used to hijack your services...

The security risk in Web 2.0
Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say...

Exploiting the XmlHttpRequest object in IE - Referrer spoofing
It seems that the same origin security policy ensures that the power of XmlHttpRequest is only used in a secure manner (after all, if the Javascript code can only access the server it originated from, then what harm can be done, except for XSS condit...

Technical explanation of the MySpace worm

DevX: Using the XMLHttpRequest Object and AJAX to Spy On You
Every nerd loves the XMLHttpRequest. It supplies the functionality of which Web programmers' dreams are made. Web applications start behaving like desktop applications. Things work as they're "supposed to," freeing the Mum-and-Dad end users from need...

Proof of Concept: Browser-Based Field Encryption With Blowfish Via Ajax
A few days ago, I wondered about the possibility of building a practical browser-based scheme for data field encryption using Ajax. What I'm hoping for is a way to build browser apps that can be totally secure even though they are hosted by an applica...

Security in an Ajax World
If data is more openly available as XML over HTTP, it's going to be pretty damn easy for a smart hacker to get access to that data to make applications like this impressive example... which is great, but undoubtedly someone eventually will feel like th...

How the History of Greasemonkey Security Affects You Now
Once upon a time, there was a security hole. (This is not your standard fairy tale. Stay with me.) Greasemonkey's architecture has changed substantially since it was first written. Version 0.3, the first version to gain wide popularity, had a fundame...

Greasemonkey XMLHTTPRequest leak
This particular exploit is much, much worse than I thought. GM_xmlhttpRequest can successfully "GET" any world-readable file on your local computer...