Comments on: A Number of Ajax Security Items

By: df

df — Sat, 08 Sep 2007 02:52:48 +0000

fddddd

df
df
df
df

By: A.R.Wolff

A.R.Wolff — Fri, 04 Aug 2006 11:46:53 +0000

Again, we see a current buzz word masking the real news story. Ajax doesn’t cause the vulnerabilities Hoffman (and, presumably others) describe; allowing arbitrary users to post arbitrary HTML does. Of course a person who can inject HTML into a remote site can do bad things — from inappropriate IMG tags, to bad IFRAMES, to the type of XHR attack Hoffman proposed. The popularity of Ajax techniques lowers the bar for malicious code writers, but a site like MySpace — or even a blog comments section — allowing John Q. Public to write HTML has always been a bad idea, regardless thereof.

By: JasonKolb.com

JasonKolb.com — Thu, 03 Aug 2006 19:19:38 +0000

Web 2.0 and AJAX Security Vulnerabilities

Ajaxian has a post about some sessions at the Black Hat USA 2006 conference. I’m quite honestly surprised that this is just gaining some press now, I’ve figured it would happen sooner than it has (but that’s typical for me