August 2006 Austin Chapter Meeting
AJAX Security: Here We Go Again by Dan Cornell of Denim Group
Unfortunately, many organizations implementing these techniques are doing so without considering the security implications for application design and development. Furthermore, because these techniques are so new, the threats and countermeasures are not well understood. This presentation will give an explanation of AJAX techniques and will examine the underlying constructs and their behavior. Next, it will examine how common web application vulnerabilities translate to AJAX environments, as well as new threats that are specific to AJAX applications. The presentation will conclude with a demonstration of "sprajax," an alpha-release open-source tool developed by Denim Group that analyzes web applications for potential security vulnerabilities exposed through the use of AJAX.
Dan Cornell is a Principal of the Denim Group, a Texas-based consultancy providing software development and application security services. He has extensive experience architecting and developing enterprise web applications on a variety of platforms as well as training and mentoring development teams on application security and secure coding techniques. Dan is the creator and primary author of the sprajax open source AJAX security assessment tool. He is an MCSD as well as a Java 2 Certified Programmer.