The security risks of AJAX/web 2.0 applications Export

@article{citeulike:1285183, abstract = {Web 2.0 has become a generic phrase summing up everything that is hot and new about the internet. However, underneath it lie some fundamental concepts, including the writeable web, increased audience participation, and a move away from traditional `click and wait' web applications, in which input was delivered on a page by page basis. AJAX (asynchronous Javascript and XML) is a programming mechanism that has enabled developers to deliver a better experience to web users. However, just as basic Javascript validation mechanisms did before it, AJAX-based applications may be subject to abuse by intruders who can launch attacks designed to bypass login scripts, for example. Programmers and project managers must come to terms with the tension between a better user experience and the potential for security flaws. One way to resolve them is to use robust coding techniques to protect applications. Paul Ritchie, a security consultant at penetration testing company SecureTest, examines the underlying concepts of AJAX and then evaluates some potential attack vectors. The term `web 2.0' was coined by O'Reilly Media following a number of conferences that it hosted in 2004. The popular media latched onto the concept and turned it into a popular phrase that has become synonymous with a new breed of website. Web 2.0 sites typically bring user collaboration to the foreground and offer interactivity closer to that of a desktop application.}, author = {Ritchie, Paul}, citeulike-article-id = {1285183}, citeulike-linkout-0 = {http://www.sciencedirect.com/science/article/B6VJG-4NGKDY6-4/2/8945a7ec84b9063a377b3e0fc6168952}, journal = {Network Security}, keywords = {ajax, security}, month = {March}, number = {3}, pages = {4--8}, posted-at = {2008-01-22 08:11:47}, priority = {2}, title = {The security risks of AJAX/web 2.0 applications}, url = {http://www.sciencedirect.com/science/article/B6VJG-4NGKDY6-4/2/8945a7ec84b9063a377b3e0fc6168952}, volume = {2007}, year = {2007} }

TY - JOUR ID - citeulike:1285183 L3 - citeulike-article-id:1285183 N2 - Web 2.0 has become a generic phrase summing up everything that is hot and new about the internet. However, underneath it lie some fundamental concepts, including the writeable web, increased audience participation, and a move away from traditional `click and wait' web applications, in which input was delivered on a page by page basis. AJAX (asynchronous Javascript and XML) is a programming mechanism that has enabled developers to deliver a better experience to web users. However, just as basic Javascript validation mechanisms did before it, AJAX-based applications may be subject to abuse by intruders who can launch attacks designed to bypass login scripts, for example. Programmers and project managers must come to terms with the tension between a better user experience and the potential for security flaws. One way to resolve them is to use robust coding techniques to protect applications. Paul Ritchie, a security consultant at penetration testing company SecureTest, examines the underlying concepts of AJAX and then evaluates some potential attack vectors. The term `web 2.0' was coined by O'Reilly Media following a number of conferences that it hosted in 2004. The popular media latched onto the concept and turned it into a popular phrase that has become synonymous with a new breed of website. Web 2.0 sites typically bring user collaboration to the foreground and offer interactivity closer to that of a desktop application. IS - 3 JF - Network Security EP - 8 TI - The security risks of AJAX/web 2.0 applications VL - 2007 SP - 4 KW - ajax KW - security AU - Ritchie, Paul PY - 2007/03// UR - http://www.sciencedirect.com/science/article/B6VJG-4NGKDY6-4/2/8945a7ec84b9063a377b3e0fc6168952 ER -