
Security of Java based AJAX frameworks
Security challenges in the Web 2.0 era
Versandkostenfrei!
Versandfertig in 6-10 Tagen
32,99 €
inkl. MwSt.
PAYBACK Punkte
16 °P sammeln!
Unfortunately, while AJAX incorporates the bestcapabilities of both thick-client and thin-clientarchitectures, it is vulnerable to the same attacksthat affect both types of applications. Thick-clientapplications are insecure because they could bedecompiled and analyzed by an attacker. The sameproblem exists with AJAX applications - in fact evenmore so, because in most cases the attacker does noteven need to go to the effort of decompiling theprogram. Knowing the attack surface and thearchitectural weakness of a chosen AJAX frameworklays the foundation for a software architect todesign and deve...
Unfortunately, while AJAX incorporates the best
capabilities of both thick-client and thin-client
architectures, it is vulnerable to the same attacks
that affect both types of applications. Thick-client
applications are insecure because they could be
decompiled and analyzed by an attacker. The same
problem exists with AJAX applications - in fact even
more so, because in most cases the attacker does not
even need to go to the effort of decompiling the
program. Knowing the attack surface and the
architectural weakness of a chosen AJAX framework
lays the foundation for a software architect to
design and develop secure and enterprise-ready AJAX
web applications. This paper does not only discuss
general vulnerabilities of AJAX-based web
applications, but reflects these in a real-world
example showing the attack surface for applications
built with state-of-the-art AJAX frameworks like
JBoss Seam and Google Web Toolkit. The findings of
this paper help software architects and developers to
get a practical understanding of potential attacks.
They are a contribution to increase the security of
web applications.
capabilities of both thick-client and thin-client
architectures, it is vulnerable to the same attacks
that affect both types of applications. Thick-client
applications are insecure because they could be
decompiled and analyzed by an attacker. The same
problem exists with AJAX applications - in fact even
more so, because in most cases the attacker does not
even need to go to the effort of decompiling the
program. Knowing the attack surface and the
architectural weakness of a chosen AJAX framework
lays the foundation for a software architect to
design and develop secure and enterprise-ready AJAX
web applications. This paper does not only discuss
general vulnerabilities of AJAX-based web
applications, but reflects these in a real-world
example showing the attack surface for applications
built with state-of-the-art AJAX frameworks like
JBoss Seam and Google Web Toolkit. The findings of
this paper help software architects and developers to
get a practical understanding of potential attacks.
They are a contribution to increase the security of
web applications.