"But in the rush to add interactive features, security has often been overlooked. Several high profile attacks have exploited
weaknesses in sites using Web 2.0 technologies. The Yamanner worm hit Yahoo mail users, exploiting JavaScript and Ajax code to
collect email addresses, while the Samy and Spaceflash worms spread among MySpace users changing buddy lists and profile
information. Such attacks have heightened concerns that Web 2.0, and Ajax in particular, are introducing new threats to life on
the Web.
Ajax is not that new and it hasn't introduced new vulnerabilities, just variations of old ones. The problem is that Ajax
applications tend to be very complex. There are many more interactions between the browser and server, and pages can even
pull in content from other sites. This makes it difficult to test the many possible permutations of user and service
interaction, allowing old vulnerabilities such as cross-site scripting
(XSS) flaws to be unwittingly introduced in to the application." – TechTarget
Article Link: http://searchsecurity.techtarget.com/columnItem/….
