WebApp Sec mailing list archives
Re: Ajax security reference
From: Serg Belokamen <serg.belokamen () gmail com>
Date: Tue, 6 Sep 2005 10:41:10 +1000
Matrix as in testing matrix. When you have an application and you need to test it, you write down rules and paths and expected inputs and outputs, etc. Software Eng. 101, dude.

On 06/09/05, John Manko <jmanko () johnmanko com> wrote:
> Why not have each request be accompanied by a security key, say a session identifier. If the identifier equals the session id (or whatever other server side stored authentication key), then you can assume everything is good. I'm just getting into design-for-security myself, so that might not be a best practice.
>
> Serg, what "web application testing matrix" are you referring to? I'm eager to learn more.
>
> Serg Belokamen wrote:
>> Not sure about any references, however it would not be any different to any other web application testing matrix.
>>
>> Cheers,
>> Serg
>>
>> On Fri, 2005-09-02 at 09:06 -0400, Luke Fraser wrote:
>>> Can anyone point me to documentation or references specifically related to Ajax security? I'm particularly interested in best practices for developing an Ajax application from a security perspective, auditing Ajax applications, and anything specific to XMLHttpRequest security or any other aspect of Ajax apps that wouldn't apply to a 'normal' web application.
>>>
>>> Thanks,
>>> Luke
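Added example, not part of the original thread: a server-side check of the per-request key John Manko describes, written for Node.js. The in-memory session store, the `x-request-key` header name, the `sid` cookie name and the choice of a random key separate from the session id are all assumptions made for illustration.

```javascript
const { randomBytes, timingSafeEqual } = require("node:crypto");

// Constructed in-memory session store: session id -> { user, requestKey }.
const sessions = new Map();

// Called at login. The session id goes into a cookie; the request key is
// handed to the page's script, which must attach it to every Ajax request.
function createSession(user) {
  const sessionId = randomBytes(16).toString("hex");
  const requestKey = randomBytes(32).toString("hex");
  sessions.set(sessionId, { user, requestKey });
  return { sessionId, requestKey };
}

// Returns the session's user when the request carries the key stored
// server-side for that session, otherwise null. `req` is a plain object
// shaped like { cookies: {...}, headers: {...} } (assumed shape).
function authorizeRequest(req) {
  const session = sessions.get(req.cookies?.sid);
  if (!session) return null; // unknown or missing session

  const supplied = req.headers?.["x-request-key"];
  if (typeof supplied !== "string") return null; // key not sent at all

  const a = Buffer.from(supplied);
  const b = Buffer.from(session.requestKey);
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (a.length !== b.length) return null;

  // Constant-time comparison so response timing does not leak key bytes.
  return timingSafeEqual(a, b) ? session.user : null;
}
```

The browser attaches the cookie on its own, while the key only arrives if the page's own script added it, so a request with a valid cookie and no key is refused.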