Ajax is obviously changing the face of Web Applications, and I (don't we all?) love it. However, there are security implications with JS and Cross Site Scripting. I know there are other security implications with normal web applications, however what would your recommendations be about developing and testing secure Ajax enabled web-applications?
From the point of view of the server, an Ajax request is just like any other. So all the security techniques and patterns that apply to requests in "normal" web applciations still apply. The primary rule being, of course, never trust data from the client. Always validate your data and check credentials regardless of whether a request was generated via a link, a form post, Ajax, or anything else.
Ajax is obviously changing the face of Web Applications, and I (don't we all?) love it. However, there are security implications with JS and Cross Site Scripting. I know there are other security implications with normal web applications, however what would your recommendations be about developing and testing secure Ajax enabled web-applications?
I too am curious what people are using for security testing. Just test drove Selenium IDE and TestGen4Web and Sahi and FireWatir this week. TestGen4Web meets my personal requirements fine, for QA testing with Firefox, but I wonder what tools people are using to automate security testing, of AJAX and other JavaScript.
0
