Slashdot Mirror


Ajax Security Tools

IdaAshley points out the latest from IBM developerWorks' Web development section, which talks about shoring up potential weaknesses in Ajax applications. It follows another recent guide for improving Ajax performance. "In this article, you'll learn about Ajax security tools, which you'll be using to scan for SQL injection and cross-site scripting vulnerabilities; to set a master password; and to restore the state of all windows after crashes. You'll take a look at tools and utilities that ensure that linked Web sites in applications are not on the blocked lists and which prevent hackers from altering browser functionality, defacing Web applications, and achieving malicious results. You'll find these utilities divided into three types within the article: hardening tools, Firefox tools, and Firefox add-ons."

3 of 16 comments

  1. Re:Hardening tool by Anonymous Coward · Score: 1, Informative

    This is a great article, because it's given me exactly what I needed. Thanks to Ajax and IBM, I've already got a hardening tool right here in my hand.

    Well-done, destined to become a classic!

    N00bs, take note:

    1) This is short, and sweet. Not some 3000-line cut-n-paste about someone getting it on in a men's bathroom.
    2) It's relevant to TFA, or at least appears to be
    3) Punchline/troll is right at the end, which means you're hooked before you realize it. By the time you do, it's too late!

  2. Re:HTMLProtector by Quantumstate · Score: 2, Informative

    It is even better than that. It has JavaScript password protection. This will naturally keep your site perfectly secure. I thought perhaps this might be a possible one where it could work with some kind of strong encryption actually based on the password. I was disappointed after looking at the trial however since I cracked it by simply using trial and error to remove bits of code until I narrowed it down to the correct bit. Then the page was free for viewing.

    And naturally one of the main ways I would aim to hack a page would be via the cache so this security feature will be highly useful as well. What better way could I spend $40?

    I was excited by the feature in the demo which offered to prevent the user from taking screenshots since I thought it would be valuable to report this seemingly critical security flaw in my browser. Unfortunately the feature did not work in the slightest.

    Even better to stop those determined hackers is the excellent tip to stop them even finding the source code. This of course is done by the option to insert 200 blank lines at the top of the source.

    You can protect your valuable image from being used by somebody else by reducing the quality so now if your competitors steal your banner it will look rubbish on their site. The only minor fault is that yours will look rubbish as well.

    Possibly the only useful feature in the entire program is an automated tool to watermark your images.

  3. I wasn't expecting much.... by Anonymous Coward · Score: 1, Informative

    But wow, that was fucking terrible.