Myth: Ajax applications do not have an increased attack surface when compared to traditional applications.
Many of the features that make Ajax applications more responsive, such as partial page updates, involve exposing more inputs on the Web server. For example, adding an automatic completion feature to a search box typically involves hooking a keypress event for the text box and using XMLHttpRequest to send what the user has typed to a Web service on the server. In a traditional Web application, the search box has a single point of attack: the form input. In the Ajax-enabled version, the autocomplete search box now has two points of attack: the form input and the Web service.
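The two entry points described above, as an added example that is not code from the original page: the form handler and the autocomplete Web service both pass the search term through one server-side validator, so the service is held to the same checks as the form input. The handler names, routes, length limit, allow-list and catalogue are assumptions made for illustration.

```javascript
// Added example: every name, route and limit here is an assumption, not from the page.
const MAX_QUERY_LENGTH = 64;                 // assumed upper bound on a search term
const ALLOWED = /^[\p{L}\p{N} .,'-]+$/u;     // assumed allow-list: letters, digits, basic punctuation

// Single validator shared by every entry point that accepts the search term.
function validateQuery(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "missing" };
  const q = raw.normalize("NFKC").trim();    // fold look-alike forms before checking
  if (q.length === 0) return { ok: false, reason: "empty" };
  if (q.length > MAX_QUERY_LENGTH) return { ok: false, reason: "too long" };
  if (!ALLOWED.test(q)) return { ok: false, reason: "illegal characters" };
  return { ok: true, value: q };
}

// Constructed catalogue standing in for the search backend.
const CATALOGUE = ["ajax security", "ajax tutorial", "attack surface"];

// Entry point 1: the traditional form submission (POST /search, urlencoded body).
function handleSearchForm(body) {
  const v = validateQuery(new URLSearchParams(body).get("q"));
  if (!v.ok) return { status: 400, body: { error: v.reason } };
  const term = v.value.toLowerCase();
  return { status: 200, body: { results: CATALOGUE.filter((t) => t.includes(term)) } };
}

// Entry point 2: the Web service the keypress handler calls through
// XMLHttpRequest (GET /suggest?q=...). It is reachable without the page's
// script, so it cannot rely on anything the browser-side code does.
function handleSuggest(queryString) {
  const v = validateQuery(new URLSearchParams(queryString).get("q"));
  if (!v.ok) return { status: 400, body: { error: v.reason } };
  const prefix = v.value.toLowerCase();
  const suggestions = CATALOGUE.filter((t) => t.startsWith(prefix)).slice(0, 5);
  return { status: 200, body: { suggestions } };
}
```

Both handlers take the raw request data as a string, so they can be wired to any HTTP framework or exercised directly in a unit test.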
To help understand ...