AJAX Vulnerabilities Could Pose Serious Risks

By Matt Hines  |  Posted 2006-08-03

News Analysis: Sloppy programming and the rush to add Web 2.0 technology to Web sites could create a significant attack vector that threatens businesses and private users alike.

LAS VEGAS—AJAX technology is rapidly being adopted by online businesses to help boost the interactivity of their Web sites, but a long list of potential vulnerabilities introduced by inexperienced programmers could create a troubling security landscape for Web 2.0 technologies.

Speaking at the ongoing Black Hat security conference being held here July 31 - Aug. 3, Billy Hoffman, lead research engineer in the labs division of Atlanta-based security software maker SPI Dynamics, outlined a range of shortcomings he sees in the current development process for most common AJAX (Asynchronous JavaScript and XML) applications.

AJAX is an extension to the JavaScript programming language that is used to improve the responsiveness of Web sites by automating the exchange of information between browsing software and sites' back-end Web servers.

For instance, the technology can allow a Webmail site to automatically download messages into a user's inbox without requiring the individual to refresh their browser screen. Well-known sites such as Google Maps, Yahoo and MySpace already employ AJAX tools in a number of ways.

Read the full story on eWEEK.com: AJAX Vulnerabilities Could Pose Serious Risks

