JSON, Ajax & Web 2.0: Sounds like a classical reinvention, but this volatile trio opens the door to serious vulnerabilities

"Now that Web 2.0 hype is at full tilt, much ado's being made over Ajax
framework vulnerabilities and other new-fangled bugs. A prime example
of this phenomenon is the spectacular JavaScript hijacking
vulnerability discovered by Fortify Software (login required). Every
security bug like this deserves some ink, but too much focus on bugs
may cause many security-minded developers to miss the big Web 2.0
security picture. Developers darn well need to be concerned about
security bugs when they wield Ajax, but they also need to think very
carefully about trust boundaries."

Paper Link: http://www.darkreading.com/document.asp?doc_id=125931