Ajax Security: Stronger than Dirt?
A look at the security implications of Ajax
Ajax allows the development of more feature rich, asynchronous applications, but in doing so opens up new possibilities for attackers. We look at the relevant security issues and their possible solutions.
Amongst both traditional web applications and their Ajax counterparts, Cross Site Scripting (XSS) remains a major and often underestimated problem that affords potential attackers a range of attack vectors. Ajax provides attackers not only with a wealth of new, potentially vulnerable applications but also with more powerful methods to exploit them. In a traditional web application, attackers have historically had to work within a browser that was in a wait state (loading a page), and in many instances this provided visual clues that the application was not behaving quite as it should.
With the introduction of asynchronous behaviours, malicious code can quietly and surreptitiously perform all manner of harmful activities as a result of XSS without any 'clues' being provided to the user. Recent examples of this include the JS.Spacehero worm and the JS.Yamanner worm, which recently exploited flaws in Yahoo's input validation routines and code filters. Although neither of these two real world attacks has caused much widespread damage in the wild, the fact that attackers are focusing a traditional and well known vector such as XSS on emerging Ajax applications should be of concern to anybody choosing to embrace this 'Web 2.0' technology.
+ "what=" + document.cookie)
Persistent XSS is potentially of grave concern, and as web applications evolve into more asynchronous and feature rich environments, developers need to pay serious heed to what has historically been perceived as a minor threat. The solution to these attack vectors is a simple one: developers must take into account the basic functionality of the XMLHttpRequest object and ensure that input validation mechanisms are up to scratch.