Ajax Security Basics

by Jaswinder S. Hayre, CISSP, Jayasankar Kelath
Sept. 15, 2017

Regular web applications work on a synchronous model, where one web request is followed by a response that causes some action in the presentation layer. For example, clicking a link or the submit button makes a request to the web server with the relevant parameters. This traditional "click and wait" behavior limits the interactivity of the application. This problem has been mitigated by the use of Ajax (Asynchronous JavaScript and XML) technologies. For the purposes of this article, we will define Ajax as the method by which asynchronous calls are made to web servers without causing a full refresh of the webpage. This kind of interaction is made possible by three different components: a client-side scripting language, the XMLHttpRequest (XHR) object and XML.


Steven Ulm 8 months ago

Great guide on the security basics of Ajax. A must-read for the enthusiasts!