WebApp Sec mailing list archives
Re: Ajax security reference
From: John Manko <jmanko () johnmanko com>
Date: Mon, 05 Sep 2005 20:49:35 -0400
Why not have each request be accompanied by a security key, say a session identifier. If the identifier equals the session id (or whatever other server side stored authentication key), then you can assume everything is good. I'm just getting into design-for-security myself, so that might not be a best practice. Serg, what "web application testing matrix" are you referring to? I'm eager to learn more.
Serg Belokamen wrote:
Not sure about any references, however it would not be any different to any other web application testing matrix.

Cheers,
Serg

On Fri, 2005-09-02 at 09:06 -0400, Luke Fraser wrote:

Can anyone point me to documentation or references specifically related to Ajax security? I'm particularly interested in best practices for developing an Ajax application from a security perspective, auditing Ajax applications, and anything specific to XMLHttpRequest security or any other aspect of Ajax apps that wouldn't apply to a 'normal' web application.

Thanks,
Luke
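An added example, not part of the original thread: a server-side version of the per-request key check suggested in the message above, using a key stored with the session and attached explicitly by the page's script to each XMLHttpRequest. The in-memory store, the `x-request-key` header name and the request object shape are assumptions made for illustration.

```javascript
// Added example: constructed in-memory session store (assumption, not a real framework).
const nodeCrypto = require('node:crypto');

const sessions = new Map(); // sessionId -> { user, requestKey }

// At login: issue a session id (for the cookie) and a separate request key
// that the page's script must attach to every XMLHttpRequest.
function createSession(user) {
  const sessionId = nodeCrypto.randomBytes(32).toString('hex');
  const requestKey = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(sessionId, { user, requestKey });
  return { sessionId, requestKey };
}

// Compare without revealing where the first mismatching byte is.
function keysMatch(expected, supplied) {
  const a = Buffer.from(expected, 'utf8');
  const b = Buffer.from(String(supplied), 'utf8');
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Per-request check: the session must exist and the key sent with the
// request must equal the key stored server-side for that session.
function authorizeRequest(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { ok: false, reason: 'no-session' };
  const supplied = req.headers['x-request-key']; // hypothetical header name
  if (supplied === undefined) return { ok: false, reason: 'missing-key' };
  if (!keysMatch(session.requestKey, supplied)) return { ok: false, reason: 'bad-key' };
  return { ok: true, user: session.user };
}

// Constructed requests, shaped as a server framework might present them.
function demo() {
  const { sessionId, requestKey } = createSession('alice');
  const cookies = { sid: sessionId };
  return {
    good: authorizeRequest({ cookies, headers: { 'x-request-key': requestKey } }),
    cookieOnly: authorizeRequest({ cookies, headers: {} }),
    wrongKey: authorizeRequest({ cookies, headers: { 'x-request-key': 'f'.repeat(64) } }),
    unknown: authorizeRequest({ cookies: { sid: 'nope' }, headers: {} }),
  };
}
```

A request that carries only the session cookie is rejected here, because the cookie is sent by the browser automatically while the header has to be set by the application's own script.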