Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Watch for JavaScript Hijacking in your AJAX applications

Wednesday, April 4, 2007

 .NET  ArchitecturePatterns  ASP.NET  Security 

Over the weekend at the New England Code Camp 7 conference, I briefly mentioned some of the potential security problems with AJAX. Dana Epp has a post about the new class of attack vectors using JavaScript Hijacking against AJAX, and ultimately, ATLAS, applications. He points to a research paper by Fortify Software that details the vulnerabilities, how the attacks could be performed, and ways to mitigate them.

Be sure to read Dana's post and the research paper. Take Dana's post and warning as a prompt to make mitigating this type of threat part of your own company's threat modeling process.
