AJAX (Asynchronous JavaScript and XML) Security

Last Update: June 28th

Is Web 2.0 Safe?
Developers warned to secure AJAX design (4/4/07)
Web 2.0 Apps Vulnerable to Attack (4/4/07)
The security risk in Web 2.0
Ajax Security Vulnerabilities Could Pose Serious Risk, foxnews
Worm wriggles through Yahoo mail flaw
JavaScript Worm Targets Yahoo
AJAX Experts Tackle Security, Other Issues
AJAX Security By Stewart Twynham, Bawden Quinn Associates
AJAX breathes new life into Web apps
Is AJAX The Answer For Crypto In Browser-Based Applications?
Will AJAX help Google clean up?
Could Ajax Wash Away 'Smart Clients'?

Subverting Ajax, By Stefano Di Paola & Giorgio Fedon December 2006
Myth-Busting AJAX (In)security
Ajax Security, OWASP Appsec Europe Andrew van der Stock
Ajax Security: Stronger than Dirt?
Vulnerability Scanning Web 2.0 Client-Side Components
Hacking Web 2.0 Applications with Firefox
New chapter and verse on Ajax security
What You Should Know About AJAX Security: 24 Tutorials
Ajax security basics
Ajax: A New Approach to Web Applications
Ajax Mistakes
Using the XML HTTP Request object
XMLHttpRequest Introduction
Ajax, promise or hype?
AJAX and scripting Web services with E4X, Part 1
AJAX and scripting Web services with E4X, Part 2
XML in the Browser: Submitting forms using AJAX
Security in an AJAX World
Ajax and secure web communications
Ajax.NET - A free library for the Microsoft .NET Framework
Why AJAX? The benefits of AJAX explained
You got your Ajax in my Ruby
The HttpRequest Object
XMLHttpRequest & Ajax Working Examples
Microsoft XML Development Center (http://msdn.microsoft.com/xml/default.aspx)
AJAX in Action
Very Dynamic Web Interfaces
Dynamic HTML and XML: The XMLHttpRequest Object
Sarissa API

Additional Links
Top 10 Ajax Security Holes Post
Ajax Security Basics
Ajax Storage: A Look at Flash Cookies and Internet Explorer Persistence (New)
XMLHTTP at Wikipedia
AJAX Web Blog
OpenAJAX Blog
Ajax for Java
Direct Web Remoting
Direct Web Remoting HomePage
Google Results for XMLHTTPRequest

News Groups:

