The author recommends the following five steps:
- 1. The key coding discipline of never trusting the client still applies: every security control must be enforced on the server, and nothing the client sends (role flags, hidden fields, identifiers, the outcome of JavaScript-side checks) may be relied on.
- 2. Initially, keep the application straightforward. Reducing and simplifying the Ajax calls makes it easier to enumerate every type of request a page or application can generate, which is what security testing has to cover.
- 3. Document and explain how the application communicates with the server and how it handles the responses it receives, including which calls carry sensitive information and therefore must go over SSL/TLS.
- 4. Complete security testing before moving the application online, with special emphasis on access control and input validation flaws.
- 5. Visit the Web Application Security Project for help with developing secure Ajax applications.
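The following is an added example illustrating steps 1 and 4 above; it is not code from the original page or from any project it describes. It models a hypothetical Ajax endpoint `updateEmail` as a plain function of the server-side session (what the server stored at login) and the parsed JSON body the client sent. The first handler trusts an `isAdmin` flag and a `userId` supplied by the client; the second derives identity and role from the session alone and validates the input before acting. The session shape (`userId`, `roles`) and the email pattern are assumptions for the example.

```javascript
// Added example (not from the original page): the same Ajax endpoint written
// twice. Each handler takes (session, body) and returns an object with an HTTP
// status, so it can be exercised without a web server.

// VULNERABLE: trusts client-controlled fields. A client can POST
// {"isAdmin": true, "userId": 1, "email": "..."} and change any user's email.
function updateEmailTrustingClient(session, body) {
  if (!body.isAdmin && body.userId !== session.userId) {
    return { status: 403, error: 'forbidden' };
  }
  // No validation of body.email either.
  return { status: 200, updated: { userId: body.userId, email: body.email } };
}

// Assumed (simplified) syntax check for the email field; a real application
// would use whatever validation rules it already applies on the server.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// HARDENED: authentication, authorisation and input validation all come from
// server-side state and server-side rules; client-sent flags are ignored.
function updateEmailServerEnforced(session, body) {
  // 1. Authentication: identity comes from the server-side session only.
  if (!session || !Number.isInteger(session.userId)) {
    return { status: 401, error: 'not authenticated' };
  }
  // 2. Input validation of the target identifier before it is used.
  const target = Number(body.userId);
  if (!Number.isInteger(target) || target <= 0) {
    return { status: 400, error: 'invalid userId' };
  }
  // 3. Authorisation: the role is read from the session, never from the body.
  const isAdmin = Array.isArray(session.roles) && session.roles.includes('admin');
  if (target !== session.userId && !isAdmin) {
    return { status: 403, error: 'forbidden' };
  }
  // 4. Input validation of the data being written.
  if (typeof body.email !== 'string' || body.email.length > 254 || !EMAIL_RE.test(body.email)) {
    return { status: 400, error: 'invalid email' };
  }
  return { status: 200, updated: { userId: target, email: body.email } };
}

// Constructed sample traffic: a logged-in non-admin user (id 7) tries to
// change user 1's email by asserting admin rights in the request body.
const attackerSession = { userId: 7, roles: [] };
const forgedBody = { isAdmin: true, userId: 1, email: 'attacker@example.test' };

console.log('trusting client:', updateEmailTrustingClient(attackerSession, forgedBody).status); // 200
console.log('server enforced:', updateEmailServerEnforced(attackerSession, forgedBody).status); // 403

module.exports = { updateEmailTrustingClient, updateEmailServerEnforced };
```

The point of writing both handlers side by side is that the client-side request looks identical in each case; only the server decides what it means. When testing per step 4, each request type enumerated in step 2 should be replayed with forged identifiers and role flags, and the server-enforced behaviour above (401, 403, 400) is what a tester should expect to see.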