Q&A with Amichai Shulman on the Critical AJAX Vulnerability
Source: Help Net Security - Posted by LogError

Most people think of AJAX vulnerabilities as a client-side problem. In reality, however, AJAX applications are exposed to server-side vulnerabilities as well. This is 100% true for AJAX frameworks that include a server-side component (DWR, GWT, Amazon). This type of vulnerability is also very likely to affect applications that use client-only frameworks, because programmers tend to shift the application logic from the server to the client, and they sometimes shift security logic together with it. The result is that the server is left vulnerable to direct attacks that bypass the "legitimate" client-side code.

Read this full article at Help Net Security
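The failure mode described above, shown as an added example that is not taken from the Q&A or from any framework it names: a server handler that relies on checks done in the client code, next to one that repeats them against server-side state. The account ids, function names and data are hypothetical and constructed for illustration.

```javascript
// Constructed server-side state for a hypothetical AJAX "transfer" endpoint.
const accounts = new Map([
  ["acct-1", { owner: "alice", balance: 100 }],
  ["acct-2", { owner: "bob", balance: 50 }],
]);
const cloneState = () => new Map([...accounts].map(([k, v]) => [k, { ...v }]));

// Code shipped to the browser: the security checks live here, before the XHR.
// Nothing obliges a caller to go through this function.
function clientBuildRequest(user, from, to, amount, view) {
  if (view.get(from).owner !== user) throw new Error("not your account");
  if (amount <= 0) throw new Error("bad amount");
  return { from, to, amount };
}

// Server handler that assumes the client already validated the request.
function handleTransferTrusting(state, session, body) {
  state.get(body.from).balance -= body.amount;
  state.get(body.to).balance += body.amount;
  return { status: 200 };
}

// Server handler that repeats every check using the session and its own state.
function handleTransferChecked(state, session, body) {
  const src = state.get(body.from);
  const dst = state.get(body.to);
  if (!src || !dst) return { status: 404 };
  if (src.owner !== session.user) return { status: 403 };
  if (!Number.isInteger(body.amount) || body.amount <= 0 ||
      body.amount > src.balance) return { status: 400 };
  src.balance -= body.amount;
  dst.balance += body.amount;
  return { status: 200 };
}

// A body posted straight to the endpoint, never passing clientBuildRequest:
// bob's session names alice's account as the source.
function demo() {
  const session = { user: "bob" };
  const body = { from: "acct-1", to: "acct-2", amount: 100 };
  const s1 = cloneState();
  const s2 = cloneState();
  return {
    trusting: handleTransferTrusting(s1, session, body).status,
    aliceAfterTrusting: s1.get("acct-1").balance,
    checked: handleTransferChecked(s2, session, body).status,
    aliceAfterChecked: s2.get("acct-1").balance,
  };
}
console.log(demo());
```

The client function still rejects the same request when it is used, which is why the gap is easy to miss in testing that only drives the application through its own UI.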