Security of Java based AJAX frameworks
Security challenges in the Web 2.0 era
2009
VDM Verlag Dr. Müller
978-3-639-14192-4 (ISBN)
Unfortunately, while AJAX incorporates the best
capabilities of both thick-client and thin-client
architectures, it is vulnerable to the same attacks
that affect both types of applications. Thick-client
applications are insecure because they can be
decompiled and analyzed by an attacker. The same
problem exists with AJAX applications, in fact even
more so, because in most cases the attacker does not
even need to go to the effort of decompiling the
program. Knowing the attack surface and the
architectural weakness of a chosen AJAX framework
lays the foundation for a software architect to
design and develop secure and enterprise-ready AJAX
web applications. This paper not only discusses
general vulnerabilities of AJAX-based web
applications, but also reflects these in a real-world
example showing the attack surface for applications
built with state-of-the-art AJAX frameworks like
JBoss Seam and Google Web Toolkit. The findings of
this paper help software architects and developers to
get a practical understanding of potential attacks.
They are a contribution to increasing the security of
web applications.
Being active in the Internet business since 2001, my professional
interests are focused on development and design of secure
enterprise applications based on Java technology. After finishing
my INFORMATION MANAGEMENT studies in 1999 I continued to focus on
security-relevant topics and finished my second studies ADVANCED
SECURITY ENGINEERING in 2008.
Language | English |
---|---|
Weight | 164 g |
Subject area | Computer science ► Programming languages / tools ► Java |
Keywords | AJAX • AJAX (Asynchronous JavaScript and XML) • JAVA (programming language) |
ISBN-10 | 3-639-14192-X / 363914192X |
ISBN-13 | 978-3-639-14192-4 / 9783639141924 |
Condition | New |