Slashdot Mirror


Ajax Security Tools

IdaAshley points out the latest from IBM developerWorks' Web development section, which talks about shoring up potential weaknesses in Ajax applications. It follows another recent guide for improving Ajax performance. "In this article, you'll learn about Ajax security tools, which you'll be using to scan for SQL injection and cross-site scripting vulnerabilities; to set a master password; and to restore the state of all windows after crashes. You'll take a look at tools and utilities that ensure that linked Web sites in applications are not on the blocked lists and which prevent hackers from altering browser functionality, defacing Web applications, and achieving malicious results. You'll find these utilities divided into three types within the article: hardening tools, Firefox tools, and Firefox add-ons."

16 comments

  1. Hardening tool by Anonymous Coward · · Score: 2, Funny

    This is a great article, because it's given me exactly what I needed. Thanks to Ajax and IBM, I've already got a hardening tool right here in my hand.

    1. Re:Hardening tool by Vectronic · · Score: 0, Offtopic

      lol

    2. Re:Hardening tool by Anonymous Coward · · Score: 1, Informative

      This is a great article, because it's given me exactly what I needed. Thanks to Ajax and IBM, I've already got a hardening tool right here in my hand.

      Well-done, destined to become a classic!

      N00bs, take note:

      1) This is short, and sweet. Not some 3000-line cut-n-paste about someone getting it on in a men's bathroom.
      2) It's relevant to TFA, or at least appears to be
      3) Punchline/troll is right at the end, which means you're hooked before you realize it. By the time you do, it's too late!

  2. Weakness in Ajax? by Anonymous Coward · · Score: 2, Funny

    You lie!

    Ajax was second only to Achilles during the Trojan War! And Achilles--oh wait. Perhaps he does have a weakness. But considering that he didn't die while Achilles did, I think we can safely say that when you associate security and Ajax in one sentence you had better be talking about security against Ajax. Ajax is strong, not weak! It is the application programmers that are weak. Let's see them take on the Trojans before they complain about Ajax's weaknesses.

    1. Re:Weakness in Ajax? by Anonymous Coward · · Score: 0

      There were two Ajaxes: one went insane and started slaughtering everything in sight, including livestock; the other committed rape in the temple of Athena and wound up wrecked at sea, impaled on a sharp rock in the ocean, and finished off by lightning for good measure, just so everyone would know he ended poorly.

      Why anyone named a major component of web services after one of these two guys is beyond me.

  3. Worst possible application development platform. by Anonymous Coward · · Score: 2, Insightful

    It's a pity that the web is becoming an application development platform, because it really sucks as an API. Unfortunately all other contenders are either too much like the web (XUL) or proprietary (Silverlight, Flex). Browser security is a bitch with just web pages. Wait until people expect cross-site integration from their web applications...

  4. Re:Worst possible application development platform by Travis+Mansbridge · · Score: 1

    What can you do? People want their cake, and to eat it too.

    Incidentally, don't make your cakes with Ajax. It will kill you.

  5. Ajax & Java by Anonymous Coward · · Score: 0

    Maybe offtopic, but does anyone know what the new hotness is, java/jsp/j2ee wise, wrt ajax frameworks? I've forked around with echo2 but I'm not totally sold.

    I can google all I want, but I'd love some opinions.

  6. HTMLProtector by efence · · Score: 2, Insightful

    HTMLProtector helps you:
    • Prevent visitors from viewing and printing your source code.
    Yes! Because it always worked in the 90s! I see no reason why it can't work now!

    1. Re:HTMLProtector by Culture20 · · Score: 1

      If it turns most of the html into one big gif and an image map then it should "work". Bonus for being just like the 90's!

    2. Re:HTMLProtector by Quantumstate · · Score: 2, Informative

      It is even better than that. It has javascript password protection. This will naturally keep your site perfectly secure. I thought perhaps this might be a possible one where it could work with some kind of strong encryption actually based on the password. I was disappointed after looking at the trial however since I cracked it by simply using trial and error to remove bits of code until I narrowed it down to the correct bit. Then the page was free for viewing.

      And naturally one of the main ways I would aim to hack a page would be via the cache so this security feature will be highly useful as well. What better way could I spend $40?

      I was excited by the feature in the demo which offered to prevent the user from taking screenshots since I thought it would be valuable to report this seemingly critical security flaw in my browser. Unfortunately the feature did not work in the slightest.

      Even better to stop those determined hackers is the excellent tip to stop them even finding the source code. This of course is done by the option to insert 200 blank lines at the top of the source.

      You can protect your valuable image from being used by somebody else by reducing the quality so now if your competitors steal your banner it will look rubbish on their site. The only minor fault is that yours will look rubbish as well.

      Possibly the only useful feature in the entire program is an automated tool to watermark your images.

  7. Re:Worst possible application development platform by Anonymous Coward · · Score: 0

    You're right.

    The main burden of blame should fall on the 'frontend HTML guys' who are often folks who got good at Dreamweaver (maybe they're "hard-core" and use notepad!! omg!!111lol) and ColdFusion, and now fancy themselves "web 2.0" professionals.

    So many of the development "tools" (code for "wizard") out there do *just enough* to let these amateurs function, but barely.

    These people should've stayed out of the business, as their buggy and gaudy sites will attest.

  8. From TFA... by slummy · · Score: 1

    Homeland Security Threat Levels

    This extension displays the current U.S. Homeland Security Threat Level (Severe, High, Elevated, Guarded, and Low) as an icon in the status bar, allowing you to see the threat level at a glance.

    Not really sure what this has to do with AJAX security, thanks IBM!

    1. Re:From TFA... by deniable · · Score: 2, Funny

      When DHS raises the level you have to bill your clients for extra security work. If you're a real good consultant, you'll find a way to bill them when it comes back down. IBM thinks of everything.

  9. I wasn't expecting much.... by Anonymous Coward · · Score: 1, Informative

    But wow, that was fucking terrible.

  10. "Ajax Security"? by John+Hasler · · Score: 1

    Isn't that an oxymoron?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.