This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Development Issues Within AJAX Applications: How to Divert Threats

Jump to: navigation, search

The presentation

Lars Ewe
AJAX has rapidly emerged as a prominent enabling technology in the movement to improve the Web as a software platform for business and consumer applications. Using AJAX development techniques provides software developers with a wide-open platform for creating innovative new Web (2.0) applications. The result is a more readily responsive Web environment which minimizes the "start-stop-start-stop" nature of Web pages, thus increasing the speed and user-interactivity of Web-enabled services. However, the open, malleable nature of Web 2.0 also has an often overlooked impact on application security that is not necessarily initially visible to application developers, establishing a relatively easy target for malicious behavior to compromise applications and overall network security. This session will address the development issues of AJAX applications from a security perspective, looking at how today's common web threats such as SQL injections, Cross Site Scripting, and others are often magnified in an AJAX environment, and it will also explore new threads, such as JavaScript Hijacking. Last but not least it also provides Best Practices for AJAX application developers that are designed to help manage the security complexities inherent to AJAX development.

The speaker

Chief Technology Officer and VP of Engineering for Cenzic Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering and product management in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.