Interesting article on Security Focus looking at the security implications of AJAX technologies and also the implications for Penetration testing AJAX enabled applications.
In terms of the security risks of AJAX it will be interesting to see how well frameworks like Atlas and RoR take care of this for the developer. One thing I noticed in testing .NET v2 applications was the in-built input validation really cuts down on XSS and SQL Injection vulnerabilities, instead of the "old days" with classic ASP where I could virtually guarantee some kind of input validation problem somewhere...
Leave a comment