Rush to Ajax makes for happy hackers
The rush to adopt Ajax is leading web developers to make basic security mistakes, in some cases a decade old, that leave gaping holes in their applications.
That's according to researchers here at the Black Hat security conference in Las Vegas. Some said that, in certain cases, developers should avoid Ajax altogether rather than open their businesses to attack.
In a presentation entitled "Premature Ajaxulation", SPI Dynamics researchers Billy Hoffman and Bryan Sullivan cataloged a myriad of attacks that are made possible when developers follow advice or use scripts found in otherwise reputable blogs, web sites and manuals.
While there are many ways to mitigate these security risks, the researchers said that as a last resort developers should "consider abstinence" from Ajax.