WebApp Sec mailing list archives
Re: Ajax Security discussion for the OWASP Guide
From: Andre Ludwig <andre.ludwig () gmail com>
Date: Fri, 23 Sep 2005 11:12:22 -0400
I assume you are discussing the Top10? The top 10 will always try and be explicitly technology independent. Unless a technology is so unique and prevalent that it needs to be addressed with one of the ten highlights there will almost never be a technology dependent bullet point in the top 10. Now if i am completely off base and you are discussing a one off guide for securing AJAX then by all means continue on! Andre Ludwig On 23 Sep 2005 13:18:20 -0000, noname () nospace com <noname () nospace com> wrote:
AJAX has the capability of subverting the presumed behavior of a web application, in the sense that even sophisticated users could not easily tell which client/server interactions are taking place and when. This may have security implications, for example if an application sends back to the server each keystroke as it is typed; this could potentially reveal sensitive information (wrong credentials, inadvertently typed by the user, etc.). It is probably more a problem of policy and of informing the end user of what is going on (and actually not all would understand what that means... but that's another story). Basically a new thing to consider is that AJAX may break the usual web application paradigm as we know it.
Current thread:
- Ajax Security discussion for the OWASP Guide Andrew van der Stock (Sep 22)
- Re: Ajax Security discussion for the OWASP Guide Serg Belokamen (Sep 22)
- <Possible follow-ups>
- RE: Ajax Security discussion for the OWASP Guide Luke Fraser (Sep 23)
- Re: Ajax Security discussion for the OWASP Guide noname (Sep 23)
- Re: Ajax Security discussion for the OWASP Guide Andre Ludwig (Sep 23)
- Re: Ajax Security discussion for the OWASP Guide John Manko (Sep 23)
- Re: Ajax Security discussion for the OWASP Guide focus (Sep 24)