• všechny e-ziny od 9/1999
  • celou databázi NEWS
  • soutěže 2000-2011
  • další články a BONUSY

Security - News


Crypto - News | Security - News

09 / 2006
Vybrali pro vás: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Ajax - prevence exploit?

Autor doporu?uje následujících p?t krok?:
  • 1. The key coding discipline of never trusting the client still applies, so any security controls should be implemented on the server and never controlled by the user.
  • 2. Initially, keep the application straightforward. Reducing and simplifying any Ajax calls makes it easier to evaluate all possible types of requests that can be generated by a page or application during security testing.
  • 3. Document and explain how the application communicates with the server and handles the responses it receives. Cover such issues as SSL connections for sensitive information.
  • 4. Complete security testing prior to moving the application online, with special emphasis placed on checking for access control and input validation flaws.
  • 5. Visit the Web Application Security Projectfor help with developing secure Ajax applications.
Zdroj: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1215124,00.html?track=NL-426&ad=563509&asrc=EM_NLN_540102&uid=4169286
Autor: JP

<<- novější - Vyšel Crypto-World 9/2006
Ke klonování RFID - starší ->>
Design: Webdesign