User accounts had to be created at each access level, and every combination
of forms had to be submitted. Once this was complete, an attacker had to analyze
traffic captures of all these activities and pick the functions out of the logs. This is why
web application vulnerability scanners have typically been complex and expensive pieces
of software; they must simulate a human clicking through each area of the application
before a full list of methods can be acquired and comprehensive attacks can begin.

In the Web 2.0 world, this process is often greatly simplified. Whereas Web 1.0 applications
were generally quite sequential and controlled, AJAX applications have the
ability to send requests at any time and in any order. Due to this fact, the client needs to
know all of the server functionality up front. This often means a large chunk of JavaScript
is sent to the client during the initial few requests, which describes all the methods
that the server exposes. If an application sends down a JavaScript file with a list of all
exposed methods, method discovery can be reduced from hours to minutes.

The actual process of method discovery in an AJAX application varies on a
case-by-case and framework-by-framework basis.
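
As an added illustration (not code from the book), the following Node.js script inventories the server methods that a downloaded proxy script advertises to the client and flags any that are not on a list of methods intended for that user role. The proxy source, the `rpc()` helper, the `/ajax/` URL scheme and all service names are constructed assumptions; real frameworks use their own formats.

```javascript
// Constructed sample of a proxy script an AJAX framework might send to every
// client; the rpc() helper, the /ajax/ URL scheme and all names are hypothetical.
const SAMPLE_PROXY_JS = `
var AccountService = {
  getBalance: function (id, cb) { return rpc("/ajax/AccountService.getBalance", [id], cb); },
  transfer: function (from, to, amt, cb) { return rpc("/ajax/AccountService.transfer", [from, to, amt], cb); }
};
var AdminService = {
  listUsers: function (cb) { return rpc("/ajax/AdminService.listUsers", [], cb); },
  resetPassword: function (user, cb) { return rpc('/ajax/AdminService.resetPassword', [user], cb); }
};
// rpc("/ajax/Legacy.debugDump") was removed from the UI but is still in the file
`;

// Methods the team intends an ordinary logged-in user to be able to call.
const INTENDED_FOR_USERS = new Set([
  "AccountService.getBalance",
  "AccountService.transfer",
]);

// Return every Service.method name the script advertises, sorted and de-duplicated.
// Comments are scanned on purpose: a commented-out call still discloses the method.
function inventoryExposedMethods(source) {
  const pattern = /rpc\(\s*["']\/ajax\/([A-Za-z_$][\w$]*\.[A-Za-z_$][\w$]*)["']/g;
  const found = new Set();
  for (const match of source.matchAll(pattern)) found.add(match[1]);
  return [...found].sort();
}

// Split the inventory into what was advertised, what was not expected for this
// role, and what was expected but is absent from the script.
function auditExposure(source, intended) {
  const advertised = inventoryExposedMethods(source);
  return {
    advertised,
    unexpected: advertised.filter((m) => !intended.has(m)),
    missing: [...intended].filter((m) => !advertised.includes(m)).sort(),
  };
}

const report = auditExposure(SAMPLE_PROXY_JS, INTENDED_FOR_USERS);
console.log("advertised:", report.advertised);
console.log("needs server-side authorization review:", report.unexpected);
```

Every method in the flagged list is known to any client that receives the script, so each one needs its own server-side authorization check rather than relying on the user interface to hide it.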