Library tutorials & articles
Testing for Security in the Age of Ajax Programming
- Introduction
- It's in the Code
- Thinking like a Hacker
Introduction
Ajax programming is one of the most exciting new technologies in recent history. Ajax (Asynchronous Javascript and XML) allows a web page to refresh a small portion of its data from a web server, rather than being forced to reload and redraw the entire page as in traditional web programming. Since they can make frequent, small updates, web applications written with Ajax programming can present user interfaces that are more like desktop applications, which are more natural and intuitive interfaces for most users. However, just like Uncle Ben said to Peter Parker (aka Spider-Man™)1, with great power comes great responsibility. Web applications have become prime targets for malicious users and hackers performing SQL injection and similar attacks.
The flexibility and creativity that Ajax programming affords the developer also places a corresponding burden on him to ensure that his code is secure against these new threats. Also, since delivering a secure application is part of delivering a quality application, the burden is probably felt even greater by the Quality Assurance (QA) team. The QA team will now need to develop an entirely new set of functional, performance and security testing methods in order to thoroughly test the quality of applications using Ajax programming against SQL injection attacks and other security concerns.
Bryan Sullivan is a development manager at SPI Dynamics, a Web application security products company. Bryan manages the DevInspect and QAInspect Web security products, which help programmers mainta...
Related articles
Related discussion
-
Buy cheap Xanax overnight. Cheap Xanax. Overnight delivery of Xanax in US no prescription needed. Cheapest Xanax.
by asleymar (0 replies)
-
Buy Soma online without a prescription. Soma drug no prescription. How to get Soma prescription. Soma cod accepted.
by asleymar (0 replies)
-
Cheap online order Fioricet. Cheap discount Fioricet. Offshore Fioricet online. How to buy Fioricet online without a prescription.
by asleymar (0 replies)
-
Buy Ambien no visa without prescription. Not expensive Ambien prescriptions. Ambien no rx. Cod delivery Ambien.
by asleymar (0 replies)
-
Tramadol without doctor rx. Buy Tramadol over the counter cod overnight. Cheap Tramadol cod delivery. Buy Tramadol from mexico online.
by asleymar (0 replies)
Related podcasts
-
Beyond Ajax - Java Rich Internet Applications
AJAX is great for many applications, but not for all. When applications get large, need to scale, or require superior security, Java-based Rich Internet Applications (RIA) are preferable. There is a simple reason for this: Java offers the most advanced, most standardized, and most reliable cr...
Events coming up
-
Apr
17
WebTech Conference 2010 - Bulgaria
Veliko Turnovo, Bulgaria
6th edition of WebTech conference will be held. A 2 day conference about : - Web Technologies - Blogs and blogging - Web 3.0 - Open Web - Mobile technologies - Internet Business
This article just seems to be written just for Google page rank. There is absolutely no substance in it concerning Ajax.
It looks like there is no flaw in the Ajax model, for the example you mentioned could have been tried with the Non-Ajax Model also and still the application could have been suspectible to Sql Injection attack, which is a basic attack, the basic flaw that i saw was the programmer should have used the Parameterized commands instead of inline sql queries or better still the 3-Tier Architecture using Parameterized commands, which the most basic and common-sense approach to develop Web Applications.
I don't think that having Ajax will save the programmer from the Sql Injection Attack!
because Ajax was not designed to secure the programmer from these attacks. I think it is stupid to even think in this directions,...."... that why the application is still suspectible to Sql Injection attack, even though i had Ajaxified it?.
Ajax or No Ajax, First, the programmer should always get his basics clear!
I really liked the spirit and the language of the article, thanks for this nice article.
Regards,
Mahernoz
This thread is for discussions of Testing for Security in the Age of Ajax Programming.