This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "File:DenimGroup AJAXSecurityHereWeGoAgain Content 20060829.pdf"

From OWASP
Jump to: navigation, search
(Reverting to last version not containing links to www.textpascooutal.com)
 
Line 1: Line 1:
http://www.textpascooutal.com
 
 
[[Category:OWASP Presentations]]
 
[[Category:OWASP Presentations]]
 
Abstract:
 
Abstract:

Latest revision as of 18:28, 27 May 2009

Abstract: AJAX (or Asynchronous JavaScript And XML) is the hot new web programming technique being used to create rich Internet applications. By interacting with the server behind the scenes and updating web page DOMs, AJAX applications bring a new level of responsiveness to the web and opens exciting new possibilities for creating new classes of applications. The success of applications such as Google Maps and Flickr is a testament to the exciting potential AJAX techniques bring to the discipline of web application development.

Unfortunately many organizations implementing these techniques are doing so without considering the security implications on application design and development. Furthermore, because these techniques are so new the threats and countermeasures are not well understood. This presentation will give an explanation of AJAX techniques and will examine the underlying constructs and their behavior. Next it will examine how common web application vulnerabilities translate to AJAX environments well as new threats that are specific to AJAX applications. The presentation will conclude with a demonstration of "sprajax," an alpha-release open-source tool developed by Denim Group that analyzes web applications for potential security vulnerabilities exposed through the use of AJAX.

Presenter Bio: Dan Cornell is a Principal of the Denim Group, a Texas-based consultancy providing software development and application security services. He has extensive experience architecting and developing enterprise web applications on a variety of platforms as well as training and mentoring development teams on application security and secure coding techniques. Dan is the creator and primary author of the sprajax open source AJAX security assessment tool. He is an MCSD as well as a Java 2 Certified Programmer.

File history

Click on a date/time to view the file as it appeared at that time.

Date/TimeDimensionsUserComment
current13:32, 30 August 2006 (188 KB)Dancornell (talk | contribs)Category:OWASP Presentations Abstract: AJAX (or Asynchronous JavaScript And XML) is the hot new web programming technique being used to create rich Internet applications. By interacting with the server behind the scenes and updating web page DOMs, AJ
  • You cannot overwrite this file.

There are no pages that link to this file.