
| Subject: | Re: Ajax Security discussion for the OWASP Guide |
|---|---|
| Date: | Fri, 23 Sep 2005 11:12:22 -0400 |

I assume you are discussing the Top10? The top 10 will always try and be explicitly technology independent. Unless a technology is so unique and prevalent that it needs to be addressed with one of the ten highlights there will almost never be a technology dependent bullet point in the top 10.

Now if I am completely off base and you are discussing a one off guide for securing AJAX then by all means continue on!

Andre Ludwig

On 23 Sep 2005 13:18:20 -0000, noname@nospace.com <noname@nospace.com> wrote:

AJAX has the capability of subverting the presumed behavior of a web application, in the sense that even sophisticated users could not easily tell which client/server interactions are taking place and when. This may have security implications, for example if an application sends back to the server each keystroke as it is typed; this could potentially reveal sensitive information (wrong credentials, inadvertently typed by the user, etc.). It is probably more a problem of policy and of informing the end user of what is going on (and actually not all would understand what that means... but that's another story). Basically a new thing to consider is that AJAX may break the usual web application paradigm as we know it.