AJAX IMPACT



INDUSTRY NEWS
Researcher: Web services security risks largely ignored
04/10/2006, By Robert McMillan

During a conference presentation, researcher Alex Stamos outlined how a number of Web services technologies, including AJAX (Asynchronous JavaScript and XML) and the XQuery query language, could be exploited by hackers to dig up secret information and attack systems.

Web services is a catch-all expression used to describe a form of distributed computing that uses standards based on XML (Extensible Markup Language) to simplify the job of programming software. One of its key tenets is that Web services applications are extremely portable and can easily interact with different types of software.

While this cross-platform capability can simplify programming, it can also create security risks by creating situations that may not have been anticipated by software developers, said Stamos, a founding partner of Information Security Partners, based in San Francisco. During his talk, he described an attack where a user could enter malicious code in a Web form and then get that code to run by calling up the company's customer service number and tricking a representative into inadvertently executing it.

Stamos also showed how Web services requests could be used to conduct denial of service attacks, either by creating malicious XML queries that use massive amounts of memory, or by bombarding database applications with more requests than they can handle.

Web application vendors have created tools that work like "magic," hiding complexity and making it very easy to create Web services. Unfortunately, these tools also make it easy for their users to ignore the security implications of the software they're building, Stamos said. "Because of all that magic pixie dust, the people who write Web services don't necessarily understand how they work," he said. "We have a lot of customers who are hanging unbelievably crazy functionality... just out on the Internet."


      © 2008 ajaximpact.com. All rights reserved.