4Ajax Attack Surface
Myth: Ajax applications do not have an increased attack surface when compared to traditional applications.
Many of the features that make Ajax applications more responsive, such as partial page updates, involve exposing more inputs on the Web server. For example, adding an automatic completion feature to a search box typically involves hooking a keypress event for the text box and using XMLHttpRequest
to send what the user has typed to a Web service on the server. In a traditional Web application, the search box has a single point of attack: the form input. In the Ajax-enabled version, the autocomplete search box now has two points of attack: the form input and the Web service.
Understanding the Attack Surface
To help understand ...
Get Ajax Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.