Top 10 Ajax Security Holes Post

RSnake provides some much-needed insight into the AJAX craze.

"However, I'd like to point out, as I have before, that really users should not consider AJAX to be another
security risk. It is the same old risk that we have always faced, except there is more client-side code that
can be circumvented now. The more logic you create on the browser for parsing and security, the more you must
ensure that your backend also protects you at the same time, since all client-side security can be circumvented
in one way or another."

Also linked is an article discussing 10 Ajax Security 'issues' along with RSnake's perspective.

Article Link: http://ha.ckers.org/blog/20061113/top-10-ajax-security-holes-post/