Mailinglist Archive

Developers warned to secure AJAX design
Robert Lemos, SecurityFocus 2007-04-04

The problem, dubbed JavaScript hijacking by the firm, occurs because
popular asynchronous JavaScript and XML (AJAX) toolkits use the
scripting language as a transport mechanism without due consideration to
security. The basic threat is that malicious Web sites could use
cross-site request forgery (XSRF) to steal data from other AJAX-enabled
Web applications, Fortify stated in a report released on Monday.

http://www.securityfocus.com/news/11456?ref=rss