AJAX and the basics of web security
Web applications are booming again since the rapid adoption of AJAX, but let us not forget the basic security measures we have to put in place. If we rely too much on JavaScript validation to make a "sane" XMLHttpRequest request, then we have to rework it, since any decent hacker can create a custom browser that allows arbitrary calls to any exposed AJAX methods.
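As an added illustration (not code from the original post), here is a server-side handler for an exposed AJAX method that repeats every check itself instead of trusting that the page's JavaScript ran. The method name `handleUpdateQuantity`, the catalog, the quantity limit and the session shape are all hypothetical.

```javascript
// Added example; handleUpdateQuantity, CATALOG, MAX_QTY and the session shape are hypothetical.
const MAX_QTY = 10;
const CATALOG = new Set(["sku-100", "sku-200"]); // constructed sample data

// Server-side check of every field, independent of any validation the page's script did.
function validateUpdate(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body must be a JSON object"];
  }
  const errors = [];
  for (const key of Object.keys(body)) {
    if (key !== "sku" && key !== "quantity") errors.push(`unexpected field: ${key}`);
  }
  if (typeof body.sku !== "string" || !CATALOG.has(body.sku)) errors.push("unknown sku");
  if (!Number.isInteger(body.quantity) || body.quantity < 1 || body.quantity > MAX_QTY) {
    errors.push(`quantity must be an integer from 1 to ${MAX_QTY}`);
  }
  return errors;
}

// Handler for the exposed AJAX method. rawBody is the request body as text;
// session is what the server resolved from its own session store, never from the body.
function handleUpdateQuantity(rawBody, session) {
  if (!session || !session.userId) return { status: 401, errors: ["not signed in"] };
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (e) {
    return { status: 400, errors: ["malformed JSON"] };
  }
  const errors = validateUpdate(body);
  if (errors.length > 0) return { status: 400, errors };
  return { status: 200, cart: { userId: session.userId, sku: body.sku, quantity: body.quantity } };
}

// Constructed request bodies: the first is what the page's form would send,
// the rest are hand-built and never passed through the page's validation.
const session = { userId: 42 };
const samples = [
  '{"sku":"sku-100","quantity":3}',
  '{"sku":"sku-100","quantity":-5}',
  '{"sku":"sku-100","quantity":"3"}',
  '{"sku":"sku-100","quantity":1,"price":0}',
  "not json",
];
for (const raw of samples) console.log(handleUpdateQuantity(raw, session).status, raw);
```

Only the first sample is accepted; the others are rejected with a 400 no matter which client sent them.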
Check out the Open Web Application Security Project's top ten list of security flaws: http://www.owasp.org/documentation/topten.html