White Papers
Scanning Ajax for XSS Entry Points
Category: Software and Web Development
Tags: java, applications
Overview: The continuing adoption of Web 2.0 architecture for web applications has been instrumental in Ajax, Web services and Flash emerging as key components. Ajax is a combination of technologies such as JavaScript with the XMLHttpRequest object, DOM and XML streams. Cross-site scripting (XSS) can make browsers vulnerable to critical information hijacking if exploited with malicious intent. XSS is already categorized as persistent, non-persistent and DOM-based. Ajax code loaded in the browser can have entry points to XSS, and it is the job of the security analyst to identify these entry points. One may need to trace or debug to measure the risk of these entry points. This paper introduces a quick way to identify XSS entry points in an application.
- Publisher: net-square
- File Format
- Date Published: Jul 3, 2007
- Format: White Papers
- Topics: Application Development, Java, XML
Similar White Papers
Introducing XQJ: A Java API for XQuery
Query is a declarative language for querying XML that's similar to SQL for querying relational data. Most Java developer
Publisher: Jupitermedia | Tags: api, applications, data, developers, java
Adding Panoramas to Google Maps Using Ajax
This project is an implementation of an Ajax web application. AJAX is a new technology based on asynchronous communicati
Publisher: University of British Columbia | Tags: applications, data, google maps, java, server
Creating and Parsing XML Documents in JDeveloper
Oracle's XDK 10G extends JAXP to make reading, writing, and querying XML easy. One of the first programming exercises fo
Publisher: Jupitermedia | Tags: api, developers, java
AjaxTags
This paper has the goal of adding AJAX (Asynchronous Javascript+XML) functionality to the existing Struts HTML taglib, a
Publisher: Apache Software Foundation | Tags: java
Jaxcent: AJAX Programming in Java Alone
AJAX is a step towards enlarging the natural programming model that comes with the browser. Jaxcent from Desiderata Soft
Publisher: Desiderata Software | Tags: java
net-square White Papers
Crawling Ajax-Driven Web 2.0 Applications
Crawling web applications is one of the key phases of automated web application scanning. The objective of crawling is t
Publisher: net-square | Tags: applications, server
Web Services: Enumeration and Profiling
Web services hacking begins with the Web Services Definition Language or WSDL. A WSDL file is a major source of informat
Publisher: net-square | Tags: web services
Ajax Fingerprinting for Web 2.0 Applications
Fingerprinting is an age old concept and one that adds great value to assessment methodologies. There are several tools
Publisher: net-square | Tags: applications, icmp, operating systems