SURESHKUMAR.NET FORUMS
AJAX SECURITY

        

07-07-06, 03:21 PM   #1 (permalink)
wizkid (Moderator)
Hi All,



Google Suggest and Google Maps [ref 1] are some of the notable early adopters of Ajax. Companies are now thinking of how they too can leverage it, web developers are trying to learn it, security professionals are thinking of how to secure it, and penetration testers are thinking of how to hack it.

reg



wizkid

__________________
"WHEN GOING GETS TOUGH, ONLY THE TOUGH GETS GOING"

07-07-06, 03:29 PM   #2 (permalink)
vjsreevs (Moderator)
While testing a regular web application, a penetration tester starts by footprinting the application. The intent of the footprint phase is to capture the requests and responses so that the tester understands how the application communicates with the server and the responses it receives.
The information is logged through local proxies such as Burp.
It is important to be as complete as possible during the footprint phase so that the tester logs requests to all pages used by the application.

After that step, the tester will start the process of methodical fault injection, either manually or using automated tools, to test parameters that are passed to and from the web server.

Ajax complicates this methodology because of its asynchronous nature.
Ajax applications are typically noisier when compared to regular web applications.

An application may make multiple requests in the background even when it appears to be static to a user.

A tester has to be aware of several situations which might cause difficulties with the application testing process.

The issue of "state"
Requests initiated through timer events
Dynamic DOM updates
XML Fuzzing

The tester has to ensure that developers have not deviated from a secure architecture.
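
Added example, not part of the original posts: one way to check a proxy capture from the footprint phase for the background requests fired by timer events that the post above mentions, so that they are not left out of the footprint. The log format, the app.example URLs and the thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample of a local proxy log: (seconds since start, method, URL).
SAMPLE_LOG = [
    (0.0, "GET", "https://app.example/inbox"),
    (1.0, "GET", "https://app.example/api/unread?since=0"),
    (4.5, "POST", "https://app.example/api/search"),
    (9.0, "POST", "https://app.example/api/search"),
    (11.5, "GET", "https://app.example/api/unread?since=1"),
    (21.0, "GET", "https://app.example/api/unread?since=2"),
    (31.5, "GET", "https://app.example/api/unread?since=3"),
    (33.0, "POST", "https://app.example/api/search"),
    (41.0, "GET", "https://app.example/api/unread?since=4"),
    (47.5, "GET", "https://app.example/api/message?id=7"),
]


def footprint(log):
    """Group request times by (method, path); query strings are ignored."""
    seen = defaultdict(list)
    for ts, method, url in log:
        seen[(method, urlsplit(url).path)].append(ts)
    return seen


def timer_driven(log, min_hits=3, max_jitter=0.1):
    """Return {endpoint: mean interval in seconds} for steadily repeated requests."""
    result = {}
    for endpoint, times in footprint(log).items():
        if len(times) < min_hits:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        # A low relative spread of the gaps suggests a timer, not a user action.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            result[endpoint] = round(avg, 1)
    return result


if __name__ == "__main__":
    for (method, path), hits in sorted(footprint(SAMPLE_LOG).items()):
        print(f"{method:4} {path:15} {len(hits)} request(s)")
    print("timer-driven:", timer_driven(SAMPLE_LOG))
```
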

25-10-08, 12:40 AM   #3 (permalink)
AjayKumar.Kataram (Senior Member)
Re: AJAX SECURITY

nice info...
All times are GMT +6.5.
