
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"


The case study shows how severe the security impact of cross-domain issues can be.
Part III
The third part of this book is dedicated to AJAX. Since Web 2.0 web applications often
involve AJAX, dedicating two full chapters to it was barely enough to cover the basics.
Chapter 6 begins with an overview of the different types of AJAX applications and
methods to perform discovery/enumeration. Targeting AJAX applications requires
different enumeration than targeting Web 1.0 applications.
Enumeration of the type of AJAX application and how it interacts on the wire is covered
here. Additionally, since AJAX applications often use an AJAX framework, an overview
of the frameworks themselves is provided. Chapter 7 rounds out the AJAX framework
discussion by walking through each one and discussing its security exposures. With
many frameworks to choose from, the chapter discusses the most popular frameworks
in the market. The chapter dives deep into each of them, showing their security strengths
and weaknesses. For example, some AJAX frameworks offer built-in protection against CSRF
attacks, while others require that developers build their own protections into their
applications.

