Securing Ajax Applications
book

by Christopher Wells
July 2007
Content level: Intermediate to advanced
256 pages
6h 19m
English
O'Reilly Media, Inc.
Content preview from Securing Ajax Applications

The Threats

The following are some common threats against web applications, ranging from the most common and dangerous forms of cross-site scripting to more legacy vulnerabilities such as buffer overflows and other data handling issues.

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a common form of web attack where malicious script or other code that is included in an HTTP response is involuntarily executed by the user's browser. These types of attacks can take almost any form and can be extremely dangerous. Often the attacks include sending private data such as cookies to an attacker. This can be done by redirecting the victim's browser to a web site controlled by the attacker.

Usually, identity theft is what the attackers are looking for here. Attackers steal session identifiers or a user's login credentials and impersonate that victim on legitimate sites. Web applications can be used as a mechanism to transport attacks to an end user's browser. Successful attacks can disclose session tokens, spoof content, or otherwise trick the victim into believing they are on a legitimate web site. After an attacker has navigational control of the victim's session, the game is over.

XSS comes in two basic flavors:

Reflected XSS

Data is reflected immediately back to the browser from data injected on the URL or request—the idea being an attacker formulates a link that includes the malicious script, and the victim clicks that link:

<!-- Reflected XSS example -->
<%= request.getParameter("myVar"); ...
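The JSP fragment above writes a request parameter straight into the response, which is the whole mechanism of reflected XSS. The following is an added example, not code from the book: it models that flaw in a small Node.js handler, extracts the parameter from a constructed request URL the way a crafted link would supply it, and shows the defence the book's later chapters rely on, encoding untrusted data for the HTML context it lands in. The handler, encoder and sample payload are all hypothetical.

```javascript
// Added example (not from the book). Compares the unencoded reflection of a
// request parameter with an HTML-encoded one.

// Minimal entity encoding for untrusted text placed in an element body.
// Attribute, URL and JavaScript contexts each need their own encoder.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the equivalent of <%= request.getParameter("myVar") %>
// with no encoding, so any markup in myVar becomes part of the page.
function renderVulnerable(myVar) {
  return `<p>Hello, ${myVar}</p>`;
}

// Hardened: same page, but the untrusted value is encoded before insertion,
// so the browser shows the characters instead of interpreting them.
function renderSafe(myVar) {
  return `<p>Hello, ${escapeHtml(myVar)}</p>`;
}

// Simulates the server side: pull myVar out of the request URL (as a crafted
// link would supply it) and hand it to the chosen renderer.
function handleRequest(requestUrl, render) {
  const myVar = new URL(requestUrl).searchParams.get('myVar') || '';
  return render(myVar);
}

// Crude detector used only to make the difference visible in this demo:
// does the response contain a raw <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input, a placeholder for what an attacker-formulated
// link might carry; the hostname is fictitious.
const PAYLOAD = '<script>alert(1)</script>';
const CRAFTED_LINK =
  'http://app.example/greet?myVar=' + encodeURIComponent(PAYLOAD);

// Runs both renderers against the crafted link and reports the outcome.
function demo() {
  const vulnerable = handleRequest(CRAFTED_LINK, renderVulnerable);
  const safe = handleRequest(CRAFTED_LINK, renderSafe);
  return {
    vulnerable,
    safe,
    vulnerableExecutes: containsScriptTag(vulnerable), // true
    safeExecutes: containsScriptTag(safe),             // false
  };
}

console.log(demo());
```

Output encoding is applied at the point where data is written into the page, not where it is read from the request, because the same value may be reflected into several contexts and only the destination determines which encoding is correct.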
ISBN: 9780596529314