AJAX-JSON - Inside Crux


Development is occurring at a rapid pace and innovation continues. The web is transitioning from Web 1.0 to Web 2.0, and the implementation structures of various technologies have changed with it. Web 2.0 has revolutionized the web from every perspective. Asynchronous JavaScript and XML (AJAX) has transformed how the web works from both a development and a security point of view. AJAX works purely over XHR, i.e. XMLHttpRequest, and not directly on the concept of iframes. AJAX has given a new face to the web with its functionality, but at the same time it has also magnified the risk of exploitation.

Other elements of the Web 2.0 "truth and lies" are:

1. Upload functionality allows anyone to upload unfiltered content to the web server, which affects the security of the website and infects its visitors. This was possible in Web 1.0, but with new technologies like AJAX in Web 2.0 things have worsened.

2. AJAX is mostly considered a hidden web because, most of the time, the code is not revealed. Any vulnerability exploited in it allows an attacker to conduct purely stealthy attacks, and if it runs over SSL, things are more complex to trace.

3. AJAX has the inherent ability to query backend web services automatically without interrupting ongoing transactions, which in itself is a diversified way of gaining information and launching further attacks.

4. JSON hijacking depends a lot on the browser's JavaScript interpreter, because it involves hijacking or controlling JavaScript arrays and objects dynamically to perform attacker-controlled functions on the victim's machine through the browser. This occurs at run time and exploits the parsing functionality of the JavaScript interpreter.

All the listed functionalities have a dramatic impact on how work and event handling proceed in Web 2.0. But every technology has drawbacks and advantages in its own context. The best approach is to differentiate between the real truths and lies of a technology by understanding every single part of it.
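The JSON hijacking risk in item 4 rests on the browser evaluating a JSON response as a JavaScript array literal when a third-party page includes the API URL in a script tag. The following is an added example, not code from the original article, of the standard defensive framing: the server prepends a non-executable prefix and avoids a top-level array, and the legitimate XHR client strips the prefix and uses `JSON.parse`. The function names, the prefix value and the sample record are assumptions made for this example.

```javascript
// Added example (not from the original article): defensive handling of a
// JSON response against JSON hijacking.
//  1. The server prepends a prefix that is a SyntaxError when the body is
//     evaluated as a script, so a cross-site <script src="..."> inclusion
//     fails before any array or object literal is interpreted.
//  2. The same-origin XHR client can read the raw text, strips the prefix
//     and parses strictly with JSON.parse (never eval).
// Prefix value, function names and sample data are assumptions.

const ANTI_HIJACK_PREFIX = ")]}',\n";

// Server side: wrap a bare array in an object (a top-level array literal was
// the historically hijackable shape) and prepend the poison prefix.
function serializeForXhr(data) {
  if (Array.isArray(data)) {
    data = { items: data };
  }
  return ANTI_HIJACK_PREFIX + JSON.stringify(data);
}

// Client side: refuse anything not framed as expected, then parse strictly.
function parseXhrResponse(text) {
  if (!text.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error("unexpected response framing; refusing to parse");
  }
  return JSON.parse(text.slice(ANTI_HIJACK_PREFIX.length));
}

// Review helper: flag a body that is a bare, unprefixed top-level array,
// the shape that legacy interpreters allowed a hostile page to capture by
// redefining Array or installing setters.
function isHijackableShape(text) {
  const t = text.trimStart();
  return t.startsWith("[") && !text.startsWith(ANTI_HIJACK_PREFIX);
}

// Constructed sample record (not real data).
const sampleRecords = [{ id: 1, email: "alice@example.test" }];
const body = serializeForXhr(sampleRecords);
console.log(body);                         // prefixed, object-wrapped body
console.log(parseXhrResponse(body).items); // client recovers the records
```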
