AJAX based attacks: Exploiting Web 2.0

2 Author(s)
Usman Shaukat Qurashi ; School of Electrical Engineering and Computer Science, National University of Science & Technology Islamabad, Pakistan ; Zahid Anwar

AJAX (asynchronous JavaScript and XML) has enabled modern web applications to provide rich functionality to Internet users. AJAX-based web applications avoid full page reloads and update only the relevant portion of a page. An AJAX-enabled web application is composed of multiple interconnected components for handling HTTP requests, HTML code, server-side script and client-side script. These components work on different layers, and each component adds new vulnerabilities to the web application. The proliferation of AJAX-based web applications increases the number of attacks on the Internet. These attacks include, but are not limited to, cross-site request forgery (CSRF) attacks, content-sniffing attacks, XSS attacks, clickjacking attacks, mal-advertising attacks and man-in-the-middle attacks against SSL. Current security practices and models focus on securing the HTML code and server-side script, and are not effective for securing AJAX-based web applications. With applications comprising multiple components (client-side script, HTML, HTTP, server-side code), each working at a different layer, a model is needed that can plug security holes in every layer. This research focuses on addressing security issues observed in AJAX and Rich Internet Applications (RIA) and on compiling best practices and methods to improve the security of AJAX-based web applications.

Published in:

Emerging Technologies (ICET), 2012 International Conference on

Date of Conference:

8-9 Oct. 2012