Critical flaw in Web 2.0, AJAX

Researchers like Billy Hoffman of Atlanta-based SPI Dynamics have warned for some time that digital outlaws have an easy target in applications based on Web 2.0 and Asynchronous JavaScript and XML (AJAX). At the recent Shmoocon hacker conference, Hoffman demonstrated how JavaScript-rich programs can be compromised with a tool he created called Jikto.

Now, amid reports that Jikto's code has been leaked onto the Internet, Fortify Software has released a new report describing a major flaw in Web 2.0 and AJAX software. The technology is susceptible to JavaScript hijacking, in which an attacker can steal critical data by emulating unsuspecting users, Fortify said.

Researchers analysed the 12 most popular AJAX frameworks -- including programs from Google, Microsoft, Yahoo! and the open source community -- and found that among them, only Direct Web Remoting (DWR) 2.0 takes steps to prevent JavaScript hijacking.
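The flaw works because a JSON endpoint that answers an authenticated GET can be loaded by any other site as a script, with the victim's cookies attached. An added example of a defence pattern for such endpoints (this is illustrative code written for this article, not code from Fortify's report or from any of the surveyed frameworks; the function names, the `while(1);` guard and the header check are assumptions of the example):

```javascript
// Defence against JavaScript hijacking of a JSON-returning AJAX endpoint.
// Two layers: a guard prefix that makes the body unusable as a <script>
// response, and a custom request header that a cross-origin <script src>
// can never send, so only the application's own XMLHttpRequest calls get data.

const GUARD_PREFIX = "while(1);"; // assumed guard; any non-JSON prefix works

// Server side (framework-agnostic; `req.headers` is assumed to hold
// lower-cased header names). Returns a response object instead of writing
// to a socket so the behaviour can be checked offline.
function handleJsonRequest(req, payload) {
  const marker = (req.headers["x-requested-with"] || "").toLowerCase();
  if (marker !== "xmlhttprequest") {
    // A <script src="..."> tag cannot set this header, so refuse.
    return { status: 403, body: "" };
  }
  // Even if the check were bypassed, the prefix stops the body from being
  // evaluated as a script that yields the data to the including page.
  return { status: 200, body: GUARD_PREFIX + JSON.stringify(payload) };
}

// Client side: strip the guard and parse. JSON.parse never evaluates the
// payload, so the application does not rely on eval() to read its own data.
function parseGuardedJson(body) {
  if (!body.startsWith(GUARD_PREFIX)) {
    throw new Error("response is missing the hijacking guard prefix");
  }
  return JSON.parse(body.slice(GUARD_PREFIX.length));
}

// Constructed sample exchange.
const sameOriginRequest = { headers: { "x-requested-with": "XMLHttpRequest" } };
const crossOriginScriptLoad = { headers: {} };
const secretPayload = { user: "alice", balance: 1234 };
```

A real deployment also needs the framework's own CSRF protection on state-changing calls; this example only covers data read through JSON responses.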
