JavaScript Hijacking: A security threat with AJAX applications
Mon, 30 Jul 2007
This morning, I was going through the security section of the IEEE newsletters and came across a new security threat called “JavaScript Hijacking”, which I think is worth sharing with you all.

Ajax stands for Asynchronous JavaScript and XML. However, it is possible to eliminate XML entirely while using AJAX controls in your applications. Ajax is a way of designing web applications in which data is transferred to and from the web site in the background of the page, without the need for a full page refresh when the user interacts with the interface. It gives the web application the feel of a desktop application, increasing the efficiency and performance of web applications.

A new kind of security attack has been discovered that targets only AJAX-based web applications, and it is termed “JavaScript Hijacking”. It allows unauthorized users to read data from the applications using techniques similar to those used to create mashups.

Read more at the following link: http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf