
Security: Cross-Site Scripting

 
David Attard
Greenhorn
Posts: 26
Guys,

Ajax is obviously changing the face of Web Applications, and I (don't we all?) love it. However, there are security implications with JS and Cross Site Scripting. I know there are other security implications with normal web applications, however what would your recommendations be about developing and testing secure Ajax enabled web-applications?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64851
From the point of view of the server, an Ajax request is just like any other. So all the security techniques and patterns that apply to requests in "normal" web applications still apply. The primary rule being, of course, never trust data from the client. Always validate your data and check credentials regardless of whether a request was generated via a link, a form post, Ajax, or anything else.
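To make the point above concrete, here is an added example (not code from the thread or from any project it mentions) of a server-side handler that treats an XMLHttpRequest submission and a plain form post identically: the session cookie is checked, the field is validated, and the output is HTML-escaped before it is reflected, on both paths. The names `SESSIONS`, `handlePostComment`, `validateComment`, `escapeHtml`, `parseCookies` and the request shape are assumptions made for this illustration; the session store and the sample requests are constructed.

```javascript
// Added illustration, not from the original thread. All names below are assumptions.
// Constructed sample session store: cookie value -> logged-in user.
const SESSIONS = new Map([["sess-123", { user: "alice" }]]);

// Escape the characters that change meaning when untrusted text lands in HTML.
// Applied to every reflected value, whether it goes into a full page or a JSON fragment.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Minimal Cookie header parser ("a=b; c=d" -> { a: "b", c: "d" }).
function parseCookies(header) {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Server-side validation of the submitted field. The client may have run the same
// checks in JavaScript, but anything the client does can be bypassed, so it is repeated here.
function validateComment(body) {
  if (typeof body !== "object" || body === null) return { ok: false, error: "body must be an object" };
  const text = body.comment;
  if (typeof text !== "string") return { ok: false, error: "comment must be a string" };
  if (text.length === 0 || text.length > 280) return { ok: false, error: "comment length out of range" };
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f]/.test(text)) return { ok: false, error: "control characters not allowed" };
  return { ok: true, value: text };
}

// req is a hypothetical already-parsed request: { headers: { cookie, "x-requested-with" }, body }.
// Returns { status, body } instead of writing to a socket so the logic can be exercised directly.
function handlePostComment(req) {
  // 1. Credentials: the session cookie is the only thing that proves who is posting.
  const cookies = parseCookies(req.headers.cookie || "");
  const session = SESSIONS.get(cookies.sid);
  if (!session) return { status: 401, body: "not logged in" };

  // 2. Validation: identical for Ajax and form submissions.
  const v = validateComment(req.body);
  if (!v.ok) return { status: 400, body: v.error };

  // 3. Output encoding: the same escaped fragment is used for both response shapes.
  // X-Requested-With only selects the response format; it is NOT a credential, since any
  // client can set it, so nothing above is skipped when it is present.
  const isAjax = req.headers["x-requested-with"] === "XMLHttpRequest";
  const html = `<li><b>${escapeHtml(session.user)}</b>: ${escapeHtml(v.value)}</li>`;
  return isAjax
    ? { status: 200, body: JSON.stringify({ html }) }
    : { status: 200, body: `<html><body><ul>${html}</ul></body></html>` };
}
```

If the Ajax branch returned raw data (for example `{ user, comment }` as JSON) instead of an escaped fragment, the escaping obligation would move to the client, which must then insert the values with `textContent` or `createTextNode`, never `innerHTML`; the server-side credential check and validation stay exactly where they are either way.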
 
Axl Weslowski
Greenhorn
Posts: 2
Originally posted by David Attard:
Guys,

Ajax is obviously changing the face of Web Applications, and I (don't we all?) love it. However, there are security implications with JS and Cross Site Scripting. I know there are other security implications with normal web applications, however what would your recommendations be about developing and testing secure Ajax enabled web-applications?


I too am curious what people are using for security testing. Just test drove Selenium IDE and TestGen4Web and Sahi and FireWatir this week. TestGen4Web meets my personal requirements fine, for QA testing with Firefox, but I wonder what tools people are using to automate security testing, of AJAX and other JavaScript.
 