Testing for Security in the Age of Ajax Programming

This is a comment thread discussing Testing for Security in the Age of Ajax Programming
  • 6 years ago
    Hi,

    It looks like there is no flaw in the Ajax model, for the example you mentioned could have been tried with the non-Ajax model also and still the application could have been susceptible to SQL injection attack, which is a basic attack. The basic flaw that I saw was that the programmer should have used parameterized commands instead of inline SQL queries, or better still the 3-tier architecture using parameterized commands, which is the most basic and common-sense approach to developing Web applications.

    I don't think that having Ajax will save the programmer from the SQL injection attack, because Ajax was not designed to secure the programmer from these attacks. I think it is stupid to even think in this direction: "...why the application is still susceptible to SQL injection attack, even though I had Ajaxified it?"

    Ajax or No Ajax, First, the programmer should always get his basics clear!

    I really liked the spirit and the language of the article, thanks for this nice article.

    Regards,
    Mahernoz
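
The point made in the comment above, as an added example that is not part of the comment or of the article under discussion: the same data-access code is reached by a form postback and by an Ajax call, so inline SQL is injectable through both and parameterized commands fix both. All function names, the `users` table and the sample rows are constructed for illustration; Python's `sqlite3` stands in for the application's real data layer.

```python
import json
import sqlite3
from urllib.parse import parse_qs, urlencode

def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_inline(db, name, password):
    # Vulnerable: user input is concatenated into the SQL text.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, name, password):
    # Fixed: values are bound as parameters and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (name, password))]

def from_form_post(body):
    # application/x-www-form-urlencoded body, as a full-page postback sends it.
    fields = parse_qs(body)
    return fields["name"][0], fields["password"][0]

def from_ajax(body):
    # JSON body, as an XMLHttpRequest call might send it.
    fields = json.loads(body)
    return fields["name"], fields["password"]

def run(login):
    # Deliver the same tautology string through both transports.
    db = make_db()
    tautology = "' OR '1'='1"
    form_body = urlencode({"name": "alice", "password": tautology})
    ajax_body = json.dumps({"name": "alice", "password": tautology})
    return {"form": login(db, *from_form_post(form_body)),
            "ajax": login(db, *from_ajax(ajax_body))}

if __name__ == "__main__":
    print("inline SQL:   ", run(login_inline))
    print("parameterized:", run(login_parameterized))
```

With inline SQL both transports return every user row; with bound parameters both return no rows, while a correct password still logs in.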

  • 3 years ago

    This article seems to be written just for Google page rank. There is absolutely no substance in it concerning Ajax.
