Wednesday, April 11, 2007

Ajax specific vulnerabilities?

I started writing my diploma thesis about AJAX application security a few weeks ago, and I'm having some minor problems. I'm trying to find any vulnerability that is specific to AJAX, but can't find anything valuable. It seems that XMLHttpRequest bugs regarding HTTP response splitting and web cache poisoning (link) have been mostly fixed, so the most interesting thing would be JavaScript Hijacking (link). I must say that this also looks primarily like the XSS problem, rather than a new exploit opportunity.

The OWASP Top 10 (link) vulnerabilities are just not AJAX-specific enough, and Top 10 Ajax Security Holes and Driving Factors (link) doesn't seem too deep.

Also, client attacks that are very interesting, like XSS proxy (link) and JS port scanning (link), are not really using much AJAX.

I guess I'll have to find out something myself :)
