Sunday, December 3rd, 2006
What Hat Security digs deep into the mess of “Ajax is insecure” hype with their article on Myth-Busting AJAX (In)security.
- Does AJAX cause a larger â€œAttack Surfaceâ€? No.
- Does AJAX make the â€œAttack Surfaceâ€ harder to find? Yes and No.
- Can AJAX cause â€œDenial of Serviceâ€? Not really.
- Does AJAX rely on client-side security? No.
- Does AJAX lead to poor security decisions? Sort of.
- Does AJAX make Cross-Site Scripting (XSS) attacks worse? I hope not.
- Does AJAX change security best practices? No.
Does this article exhibit common sense? Yes. Does it answer its own questions like Donald Rumsfeld? Yes.
Posted by Dion Almaer at 9:59 am