JSON, Ajax & Web 2.0: Sounds like a classical reinvention, but this volatile trio opens the door to serious vulnerabilities

"Now that Web 2.0 hype is at full tilt, much ado's being made over Ajax framework vulnerabilities and other new-fangled bugs. A prime example of this phenomenon is the spectacular Javascript hijacking vulnerability discovered by Fortify Software (login required). Every security bug like this deserves some ink, but too much focus on bugs may cause many security-minded developers to miss the big Web 2.0 security picture. Developers darn well need to be concerned about security bugs when they wield Ajax, but they also need to think very carefully about trust boundaries."

Paper Link: http://www.darkreading.com/document.asp?doc_id=125931
