jQuery Penetration Tests | ansaurus

tags:

views:

42

answers:

1

+1 Q:

jQuery Penetration Tests

I'm a little worried about posting information via jQuery. In particular when, in WebForms, I do a call to a WebMethod within my form I can obviously intercept the call and data.

Is there any way to secure this communication or is it a case of write your services in such a manner that they can't be used against you?

If it's the latter, what techniques have others used to secure their WebMethods? I'm more interested in solutions where WebForms and jQuery are being used and where the jQuery call is being made to a WebMethod in the code behind of the actual page.

+3 A:

There is nothing inherently insecure about jQuery that is not present in normal web communication. Jquery submissions are done exactly the same way as any other web request; they are either a GET or a POST.

A normal page request is just as likely to be intercepted as a jQuery request. It doesn't matter if you're using code behinds, JSPs, PHP pages, or Ajax requests... the method of browser-to-server communication is always HTTP, and it is always vulnerable to network snooping.

The only true way to secure web communication is with an encryption layer over the entire communication channel, which is what SSL provides. Anything else is always vulnerable to intercepted communications.

zombat 2009-11-12 04:43:35

So, in essence, the ways you secure this type of communication are the same as those you would use on a web service.

Robert Harvey 2009-11-12 05:28:14

related questions

Is it better to create Model classes, or just stick with generic database utility class?

What are effective options for embedding video in an ASP.NET web site?

Visual Studio 2008 debugger already attached work-around

Tracking state using ASP.NET AJAX / ICallbackEventHandler

ASP.NET Display SVN Revision Number

ASP.NET URL Rewriting

How can I change the background of a masterpage from the code behind of a content page?

Easy way to AJAX WebControls

How do I define custom web.config sections with potential child elements and attributes for the properties?

ASP.NET MVC "CRUD" Database Sample

Are Multiple DataContext classes ever appropriate?

How to RedirectToAction in ASP.NET MVC without losing request data

Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?

ASP.NET built in user profile, Vs old stile user class/tables

What's a good book for learning ASP?

Bandwith throttling in IIS 6 by IP Address

ASP .Net Custom Client-Side Validation

How to get the value of built, encoded ViewState?

Decent, simple, GIS/mapping component for ASP.NET?

Checklist for IIS 6/ASP.NET Windows Authentication?

How to write to Web.Config in Medium Trust ?

ASP.NET, Visual Studio and Subversion - how to integrate?

Floating Point Number parsing: Is there a Catch All algorithm?

How do I sync the SVN revision number with my ASP.NET web site?

ASP.NET Site Maps