Re: Ajax security reference

[Serg Belokamen <serg.belokamen () gmail com>]

Matrix as in testing matrix. When you have an application and you need
to test it, you write down rules and paths and expected inputs and
outputs, etc. Software Eng. 101 dude.


On 06/09/05, John Manko <jmanko () johnmanko com> wrote:
> Why not have each request be accompanied by a security key, say a
> session identifier.  If the identifier equals the session id (or
> whatever other server side stored authentication key), then you can
> assume the everything is good.  I'm just getting into
> design-for-security myself, so that might not be a best practice.
>
> Serg, what "web application testing matrix" are you referring to?  I'm
> eager to learn more.
>
> Serg Belokamen wrote:
>
> > Not sure about any references, however it would not be any different to
> > any other web application testing matrix.
> >
> >   Cheers,
> >      Serg
> >
> > On Fri, 2005-09-02 at 09:06 -0400, Luke Fraser wrote:
> >
> >
> > > Can anyone point me to documentation or references specifically related to
> > > Ajax security?  I'm particularly interested in best practices for developing
> > > an Ajax application from a security perspective, auditing Ajax applications,
> > > and anything specific to XMLHttpRequest security or any other aspect of Ajax
> > > apps that wouldn't apply to a 'normal' web application.
> > >
> > > Thanks,
> > >
> > > Luke