Unfortunately, while AJAX incorporates the best capabilities of both thick-client and thin-client architectures, it is vulnerable to the same attacks that affect both types of applications. Thick-client applications are insecure because they can be decompiled and analyzed by an attacker. The same problem exists with AJAX applications, in fact even more so, because in most cases the attacker does not even need to go to the effort of decompiling the program. Knowing the attack surface and the architectural weaknesses of a chosen AJAX framework lays the foundation for a software architect to design and develop secure, enterprise-ready AJAX web applications. This paper not only discusses general vulnerabilities of AJAX-based web applications but also reflects them in a real-world example showing the attack surface of applications built with state-of-the-art AJAX frameworks such as JBoss Seam and Google Web Toolkit. The findings of this paper help software architects and developers gain a practical understanding of potential attacks and are a contribution to increasing the security of web applications.
Security of Java based AJAX frameworks
- Authors: Georg Raffer
- ISBN: 363914192X
- Published: 02 Apr 2009
- Purchase online: amazon.com