Secure Coding mailing list archives
[Owasp-dotnet] Re: Is there any Security problem in Ajax technology?
From: vanderaj at greebo.net (Andrew van der Stock)
Date: Wed, 15 Mar 2006 12:48:07 +1100
Yes! :) I am speaking at the OWASP EU conference in Belgium (I hope people speak English 'cos my French is now quite appalling) at the end of May, and I have a paper submission for O'Reilly's OSCON in early July. I am still mulling over whether to submit a proposal to BlackHat as although I love junkets, I can't do too many - I have to work as well :)

Next, once the chapter is released, it will be a major new addition to the OWASP Guide 2.1, and I'm sure we'll be doing something about promoting it at that point.

There's not really any technology required to secure Ajax; it's all about the architecturally correct location of authorization, validation and preventing injection attacks. There's no magic technical bullet, WAF, or similar which can help fix these things. The issues with Ajax aren't really new, it's just that devs are introducing new classes of vulnerability because they have forgotten the hard lessons learnt in the past.

thanks,
Andrew

On 15/03/2006, at 12:33 PM, Eric Swanson wrote:
My question: How does OWASP plan to educate the public regarding security concerns raised by AJAX and, indeed, any new methodology or technology and what is its plan to develop tools that translate this education into practice? *AJAX and related methodologies should be addressed by all groups within OWASP, so I'm guessing that the .NET group isn't the only group actively discussing it. (AFLAX - a Flash version also raises the same concerns.)