JavaScript Hijacking: A security threat with AJAX applications

Mon, 30 Jul 2007

This morning, I was going through the security section of the IEEE newsletters and came across a new security threat called “JavaScript Hijacking”, which I think is worth sharing with you all.

Ajax stands for Asynchronous JavaScript and XML. However, it is possible to completely eliminate the use of XML while using AJAX controls in your applications. Ajax is a way of designing web applications in which data is transferred to and from the web site in the background of the page, without the need for a full page refresh when the user interacts with the interface. It gives the web application the feel of a desktop application, increasing the efficiency and performance of web applications.

A new kind of security attack has been discovered which targets only AJAX-based web applications and is termed “JavaScript Hijacking”. It allows unauthorized users to read data from the applications using techniques similar to those used to create mashups.

Read more at the following link: http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
