Security: Cross-Site Scripting

 
Greenhorn
Posts: 26
Guys,

Ajax is obviously changing the face of Web Applications, and I (don't we all?) love it. However, there are security implications with JS and Cross Site Scripting. I know there are other security implications with normal web applications, however what would your recommendations be about developing and testing secure Ajax enabled web-applications?
 
Sheriff
Posts: 67749
From the point of view of the server, an Ajax request is just like any other. So all the security techniques and patterns that apply to requests in "normal" web applications still apply. The primary rule being, of course, never trust data from the client. Always validate your data and check credentials regardless of whether a request was generated via a link, a form post, Ajax, or anything else.
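
The rule in the reply above, as an added example that is not part of the original post: a server-side handler that applies the same credential check, input validation and HTML output encoding whether or not the request claims to come from Ajax. The handler name, session store and request shape are assumptions made for illustration.

```javascript
// Added example. handleComment, SESSIONS and the request shape are hypothetical.
const SESSIONS = new Map([["s-123", { user: "alice" }]]); // constructed session store

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the HTML-significant characters. This is correct for HTML element
// content and quoted attributes only; other contexts need their own encoder.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// One code path for every request. The X-Requested-With header is set by the
// client, so it is never consulted for a trust decision.
function handleComment(req) {
  // 1. Credentials: checked on every request, Ajax or not.
  const sid = req.cookies ? req.cookies.sid : undefined;
  const session = SESSIONS.get(sid);
  if (!session) return { status: 401, body: { error: "not authenticated" } };

  // 2. Validation: type and range checks on every field, server side.
  const { postId, text } = req.body || {};
  if (!Number.isInteger(postId) || postId <= 0) {
    return { status: 400, body: { error: "invalid postId" } };
  }
  if (typeof text !== "string" || text.length === 0 || text.length > 500) {
    return { status: 400, body: { error: "invalid text" } };
  }

  // 3. Output encoding: client data is encoded before it can reach markup.
  return {
    status: 200,
    body: { postId, author: session.user, html: escapeHtml(text) },
  };
}

// Constructed request that claims to be Ajax and carries markup in a field.
const sampleAjax = {
  headers: { "x-requested-with": "XMLHttpRequest" },
  cookies: { sid: "s-123" },
  body: { postId: 7, text: "<script>alert(1)</script>" },
};
console.log(handleComment(sampleAjax));
```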
 
Greenhorn
Posts: 2

Originally posted by David Attard:
Guys,

Ajax is obviously changing the face of Web Applications, and I (don't we all?) love it. However, there are security implications with JS and Cross Site Scripting. I know there are other security implications with normal web applications, however what would your recommendations be about developing and testing secure Ajax enabled web-applications?



I too am curious what people are using for security testing. Just test drove Selenium IDE and TestGen4Web and Sahi and FireWatir this week. TestGen4Web meets my personal requirements fine, for QA testing with Firefox, but I wonder what tools people are using to automate security testing, of AJAX and other JavaScript.