Comments on: AJAX: Is your application secure enough?

By: eM3rC

eM3rC — Fri, 22 Feb 2008 02:33:47 +0000

Thanks Mike for the post!

I hadn’t heard of that program before but from what you been saying it sounds like a good piece of software to add for a network security person’s arsenal.

By: Michael

Michael — Thu, 21 Feb 2008 23:57:59 +0000

“Analysing HTTP traffic analysis with tools like ethereal (yeh I like GUIs so sue me) surely comes in handy to figure out whether applications you use are actually safe from exploitation. This application allows one to easily filter and follow TCP streams so one can properly analyse what is happening there.”

I couldn’t agree more. My company uses Network Instruments Observer (http://www.networkinstruments.com) and it works like a charm.

Cheers,
Mike

By: eM3rC

eM3rC — Wed, 13 Feb 2008 02:33:01 +0000

I can personally vouch for Acunetix and say it is an awesome vulnerability scanner. Only downside is it costs money, but if you do it for a profession I think it is worth every cent.

By: Pantagruel

Pantagruel — Tue, 12 Feb 2008 18:24:49 +0000

Read here for some info:

http://www.jeremiahgrossman.blogspot.com/2007/10/best-web-application-vulnerability.html

or try acunetix

http://www.acunetix.com/vulnerability-scanner/

By: J. Lion

J. Lion — Tue, 12 Feb 2008 18:12:37 +0000

Is there a vulnerability scanner that can check for AJAX vulnerabilities that we can use during development (coding)?

By: John

John — Tue, 29 Jan 2008 19:24:29 +0000

Nice article

By: Adeeb Rantawi

Adeeb Rantawi — Tue, 13 Nov 2007 23:09:57 +0000

Please Dennis, would you guide me how to use AJAX properly? I want to learn from you and other gurus..

Please post your ways in a practical and real life example, and I will be thankful.

By: Dennis

Dennis — Tue, 13 Nov 2007 22:25:57 +0000

The main problem is always bad programming style and not the language or in this case Ajax.

If u use it proberly it won’t be a problem…

anyway, nice and detailed article… thx

By: AJAX Security Considerations… at M and L Adventures

AJAX Security Considerations… at M and L Adventures — Fri, 10 Aug 2007 12:34:19 +0000

[...] so you know where to start more about AJAX security, Darknet offers some good insight on securing AJAX by explaining some of the common ways to attack AJAX [...]

By: Adeeb Rantawi

Adeeb Rantawi — Wed, 25 Apr 2007 12:38:37 +0000

Unfortunately you are completely right Guy.. I wish that FireFox will support HTTP_REFERER in their XMLHttpRequest() object in near future so that AJAX scripts can be tied to running server, noting that all browsers does support it except FireFox. I will go to mozilla.org and post a wish with explanation.

For now, all I can do is to include an HTML copyright comment inside results and to append add-on links to it such as “Suggest Something”, “Tell a Friend”, etc., so that when user clicks it s/he will go to my web site in case results are displayed somewhere else!