Ajax Security Tools

IdaAshley points out the latest from IBM developerWorks' Web development section, which talks about shoring up potential weaknesses in Ajax applications. It follows another recent guide for improving Ajax performance. "In this article, you'll learn about Ajax security tools, which you'll be using to scan for SQL injection and cross-site scripting vulnerabilities; to set a master password; and to restore the state of all windows after crashes. You'll take a look at tools and utilities that ensure that linked Web sites in applications are not on the blocked lists and which prevent hackers from altering browser functionality, defacing Web applications, and achieving malicious results. You'll find these utilities divided into three types within the article: hardening tools, Firefox tools, and Firefox add-ons."

Hardening tool

This is a great article, because it's given me exactly what I needed. Thanks to Ajax and IBM, I've already got a hardening tool right here in my hand.

Weakness in Ajax?

You lie!

Ajax was second only to Achilles during the Trojan War! And Achilles--oh wait. Perhaps he does have a weakness. But considering that he didn't die while Achilles did, I think we can safely say that when you associate security and Ajax in one sentence you had better be talking about security against Ajax. Ajax is strong, not weak! It is the application programmers that are weak. Let's see them take on the Trojans before they complain about Ajax's weaknesses.

Worst possible application development platform.

It's a pity that the web is becoming an application development platform, because it really sucks as an API. Unfortunately all other contenders are either too much like the web (XUL) or proprietary (Silverlight, Flex). Browser security is a bitch with just web pages. Wait until people expect cross-site integration from their web applications...

HTMLProtector

[efence]

HTMLProtector helps you:

• Prevent visitors from viewing and printing your source code.

Yes! Because it always worked in the 90s! I see no reason why it can't work now!

Re:HTMLProtector

[Quantumstate]

It is even better than that. It has javascript password protection. This will naturally keep your site perfectly secure. I thought perhaps this might be a possible one where it could work with some kind of strong encryption actually based on the password. I was disappointed after looking at the trial however since I cracked it by simply using trial and error to remove bits of code until I narrowed it down the the correct bit. Then the page was free for viewing.

And naturally one of the main ways I would aim to hack a page would be via the cache so this security feature will be highly useful as well. What better way could I spend $40.

I was excited by the feature in the demo which offered to prevent the user from taking screenshots since I thought it would be valuable to report this seemingly critical security flaw in my browser. Unfortunately the feature did not work in the slightest.

Even better to stop those determined hackers is the excellent tip to stop them even finding the source code. This of course is done by the option to insert 200 blank lines at the top of the source.

You can protect your valuable image from being used by somebody else by reducing the quality so now if your competitors steal your banner it will look rubbish on their site. The only minor fault is that yours will look rubbish as well.

Possibly the only useful feature in the entire program is an automated tool to watermark your images.

Re:From TFA...

[deniable]

When DHS raises the level you have to bill your clients for extra security work. If you're a real good consultant, you'll find a way to bill them when it comes back down. IBM thinks of everything.