Wednesday, February 08, 2006

Eric Pascarello dissects Ajax security vulnerabilities

"Eric Pascarello dissects Ajax security vulnerabilities"
By Colleen Frye, News Writer
07 Feb 2006 | SearchWebServices.com

Pascarello's Rules of Thumb for Ajax Security:

1. If you use user authentication, make sure you check for it on the request page!
2. Check for SQL injections.
3. Check for JavaScript injections.
4. Keep the business logic on the server!
5. Don't assume every request is real!
6. Check the data with validation!
7. Look at the request's header information and make sure it is correct.
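
The rules above, applied in order inside one server-side handler. This is an added example, not code from the article or from Pascarello. The endpoint, the `sid` cookie, the session store, the origin value and the notes table are all hypothetical and constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed sample data: an in-memory notes table and one logged-in session.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE notes (owner TEXT, title TEXT)")
DB.executemany("INSERT INTO notes VALUES (?, ?)",
               [("alice", "<b>todo</b>"), ("bob", "private")])
SESSIONS = {"s3ss10n": "alice"}         # hypothetical session store: id -> user
ALLOWED_ORIGIN = "https://app.example"  # hypothetical origin of the site
TERM_RE = re.compile(r"[A-Za-z0-9 ]{1,32}")


def handle_search(headers, cookies, params):
    """Return (status, body) for a hypothetical Ajax POST that searches notes."""
    # Rule 1: authenticate on the endpoint itself, not only on the page
    # that embeds the script.
    user = SESSIONS.get(cookies.get("sid", ""))
    if user is None:
        return 401, "login required"
    # Rules 5 and 7: the request may not come from our page, so check the
    # headers. They are client-supplied, so this supplements rule 1.
    if headers.get("Origin") != ALLOWED_ORIGIN:
        return 403, "unexpected origin"
    # Rule 6: validate against an allow-list pattern before using the value.
    term = params.get("q", "")
    if not TERM_RE.fullmatch(term):
        return 400, "invalid search term"
    # Rule 2: bind values as parameters, never concatenate them into SQL.
    # Rule 4: the owner filter comes from the server-side session, not from
    # a client-supplied field.
    rows = DB.execute(
        "SELECT title FROM notes WHERE owner = ? AND title LIKE ?",
        (user, "%" + term + "%")).fetchall()
    # Rule 3: escape stored text before it is written into the page.
    items = "".join("<li>%s</li>" % html.escape(title) for (title,) in rows)
    return 200, "<ul>%s</ul>" % items
```
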
