dcsimg
 
 

AJAX Vulnerabilities Could Pose Serious Risks

By Matt Hines  |  Posted 2006-08-03 Print this article Print
 
 
 
 
 

News Analysis: Sloppy programming and the rush to add Web 2.0 technology to Web sites could create a significant attack vector that threatens businesses and private users alike.

LAS VEGAS—AJAX technology is rapidly being adopted by online businesses to help boost the interactivity of their Web sites, but a long list of potential vulnerabilities introduced by inexperienced programmers could create a troubling security landscape for Web 2.0 technologies.

Speaking at the ongoing Black Hat security conference being held here July 31 - Aug. 3, Billy Hoffman, lead research engineer in the labs division of Atlanta-based security software maker SPI Dynamics, outlined a range of shortcomings he sees in the current development process for most common AJAX (Asynchronous JavaScript and XML) applications.

AJAX is an extension to the JavaScript programming language that is used to improve the responsiveness of Web sites by automating the exchange of information between browsing software and sites' back-end Web servers.

For instance, the technology can allow a Webmail site to automatically download messages into a user's inbox without requiring the individual to refresh their browser screen. Well-known sites such as Google Maps, Yahoo and MySpace already employ AJAX tools in a number of ways.

Read the full story on eWEEK.com: AJAX Vulnerabilities Could Pose Serious Risks



 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that baselinemag.com may send you Baselinemag offers via email, phone and text message, as well as email offers about other products and services that Baselinemag believes may be of interest to you. Baselinemag will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit