stream, 209–213
Adobe Flash (see Flash applications)
Advanced Encryption Standard (AES), 129
AJAX (Asynchronous JavaScript and XML), 146–188
ASP.Net, 153
automated testing for, 106–107
client-server proxy, 146–147
client-side rendering, 147
and cookies, 166–176
and custom serialization, 150, 152
Direct Web Remoting, 154, 178–181
Dojo Toolkit for, 186–187
and DOM, 72
downstream traffic, 148–150
framework method, 153–166
Google Web Toolkit, 154, 181–183
and HTML, 43
and HTML injection attacks, 41–42
HTML injections, 41–42
and HTTP Form POST, 150–151
and HTTP GET, 150
and JavaScript, 84–85, 148–149
and JavaScript arrays, 149, 151
248 Hacking Exposed Web 2.0
AJAX (cont.)
jQuery for, 187–188
and JSON, 149, 151
malicious, 88, 103–111
parameter manipulation attacks, 159–164
SAJAX, 155, 185–186
SAMY worm, 107–110
and SAMY worm, 103
and SOAP, 151–152
testing, with SecurityQA Toolbar, 106–107
testing for XSS with, 50
types of, 146–147
unintended exposure, 164–166
upstream traffic, 150–152
on the wire, 147–152
XAJAX, 154–155, 183–185
and XML, 148, 152
XMLHTTPRequest, 103–106
XSS in, 50
Yammer virus, 110
AJAX framework exposures, 178–188
AJAXEngine, 151
Alcorn, Wade, 91
Alshanetsky, Ilia, 97
Anti-DNS Pinning (Anti-Anti-Anti-DNS Pinning), 241
Anti-spyware, 243
Apache, 181, 183
Arrays, JavaScript, 149, 151
ASCII, 99
ASP.