0 applications using AJAX as
well as Web 1.0 applications using powerful JavaScript functions. This chapter shows
Introduction xxiii
xxiv Hacking Exposed Web 2.0
that the things that make AJAX and JavaScript attractive for developers, including its
agility, flexibility, and powerful functions, are the same things that attackers love about
it. It shows how to use malicious JavaScript/AJAX to compromise user accounts, web
applications, or cause general disruption on the Internet. The key topics in this chapter
are common tools for JavaScript manipulation as well as the use of malicious AJAX.
Chapter 5 focuses on .Net Security. ASP.Net development environments are quite common
on modern web applications. .Net offers security protections against many attack
classes; however, many attack surfaces still exist. The .Net chapter focuses on attacks on
.Net enabled applications, but also describes the many protections that .Net brings to the
table. Part II concludes with a case study on cross-domain attacks. This case study walks
through a real-world example in which a user is tricked into transferring a large amount
of money from an online financial account by simply reading a news article on the web.
Pages:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55