views: 69

answers: 1
I'm curious to know what web developers consider to be the biggest security vulnerabilities with regards to Ajax applications, with or without the popular client frameworks (jQuery et al.), and how they are mitigated. Are there open source or commercial tools that can help identify such problems in a site?

+2  A: 

Your risks are no greater than in web development in general. Don't store sensitive information on the client and pass it back and forth with the server without an SSL connection, and even then be cautious about what you do send.

jQuery et al. are not just frameworks to enable AJAX; they're also DOM manipulation frameworks, so you can use them and not the AJAX portion without adding any risk.

Think of it like this: AJAX is simply making the same server request you were making with your form and submit buttons, but with JavaScript instead of the browser. Any security risks there might be were also there with the non-AJAX method of communication.

If you are worried about security from a general web application perspective I'd recommend hiring a consulting company to do penetration and security testing on the site. Qinetiq is a good choice for high security applications.

Marcus Pope
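The answer's two points (an AJAX call is the same server request a form submit makes, and sensitive data should not travel without SSL) come down to one server-side rule: validate every request the same way regardless of how the client sent it, and refuse sensitive fields that did not arrive over TLS. The following is an added example, not code from the original post or from any framework the answer mentions; the handler name, the field list and the request shape (`headers`, `body`, `secure`) are hypothetical.

```javascript
// Added example: one server-side handler that treats a classic <form> POST
// (application/x-www-form-urlencoded) and an XMLHttpRequest/jQuery POST
// (application/json) identically. Runs under Node.js with no dependencies.

// Hypothetical list of fields that must only ever arrive over TLS.
const SENSITIVE_FIELDS = new Set(['password', 'card_number']);

// Normalise either transport into a flat { name: string } map so that the
// validation below cannot depend on which one the client used.
function parseBody(contentType, body) {
  if (contentType.startsWith('application/json')) {
    const parsed = JSON.parse(body);
    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
      throw new Error('JSON body must be an object');
    }
    for (const value of Object.values(parsed)) {
      if (typeof value !== 'string') throw new Error('only string fields are accepted');
    }
    return { ...parsed };
  }
  if (contentType.startsWith('application/x-www-form-urlencoded')) {
    return Object.fromEntries(new URLSearchParams(body));
  }
  throw new Error('unsupported content type');
}

// Same input rule for both paths: 3-32 letters, digits or underscores.
function validateUsername(username) {
  return /^[a-z0-9_]{3,32}$/i.test(username);
}

// req is a constructed request shape: { headers, body, secure }.
// Returns a plain result object instead of writing to a socket so it is testable.
function handleLogin(req) {
  let fields;
  try {
    fields = parseBody(req.headers['content-type'] || '', req.body);
  } catch (err) {
    return { status: 400, error: 'malformed request' };
  }

  // Rule 1: sensitive data without SSL/TLS is rejected outright.
  const carriesSensitive = Object.keys(fields).some((k) => SENSITIVE_FIELDS.has(k));
  if (carriesSensitive && !req.secure) {
    return { status: 403, error: 'sensitive data requires TLS' };
  }

  // Rule 2: identical validation whether a form or an XHR sent the data.
  if (!validateUsername(fields.username || '')) {
    return { status: 400, error: 'invalid username' };
  }
  if (!fields.password) {
    return { status: 400, error: 'missing password' };
  }
  return { status: 200, user: fields.username.toLowerCase() };
}

// Constructed sample requests: the same login sent both ways.
const formRequest = {
  headers: { 'content-type': 'application/x-www-form-urlencoded' },
  body: 'username=Alice&password=s3cret',
  secure: true,
};
const xhrRequest = {
  headers: { 'content-type': 'application/json' },
  body: JSON.stringify({ username: 'Alice', password: 's3cret' }),
  secure: true,
};
const plainHttpXhr = { ...xhrRequest, secure: false };

module.exports = { parseBody, validateUsername, handleLogin, formRequest, xhrRequest, plainHttpXhr };
```

Both `formRequest` and `xhrRequest` produce the same 200 result because the handler never looks at how the bytes arrived, while `plainHttpXhr` is refused with 403 before any credential is examined.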