For this reason, a client-server proxy style AJAX implementation is
quite interesting and useful from an attacker's perspective.
Client-Side Rendering
Client-side rendering applications have two main defining characteristics: they still require
fairly frequent page reloads during usage, and session state is stored on the server. These
AJAX frameworks are occasionally referred to as "HTML++ frameworks" because they are far
more focused on producing visual effects on the client. Due to this focus on visual
effects, they often generate their JavaScript on the expectation that
the developer will not muck around with it once it has been generated. Since the toolkit
assumes that developers will not be changing any of the generated JavaScript, the script
will often be obfuscated into a form that is much more difficult for a human to read.
Because of this, method discovery against a client-side rendering framework is often very
difficult. In addition to the complexity of method discovery, client-side rendering applications
focus primarily on producing visual effects, which makes client-server proxy
style AJAX applications far more interesting for attackers.