Security is paramount to Web applications; a quick glance at the headlines demonstrates what happens when it is
ignored. Ajax brings a more responsive client and a faster server interaction to Web applications, but, by its nature, this asynchronicity can open up security holes at both the front end and the back end.
Secure ASP.NET AJAX Development presents several rules to live by for Ajax application development and offers a few testing best practices. Chapter 2, Ajax Security Pitfalls, addresses why the "attack surface" for Ajax applications is larger than it is for traditional HTML applications and explains why it is thus important to make sure that client code is not performing sensitive operations in an insecure fashion inside the browser.
Excerpted from Secure ASP.NET AJAX Development (Digital Short Cut) (ISBN-13: 978-0-321-49810-6) by Jason Schmitt.
Copyright © 2007. Published by Addison Wesley Professional. Reprinted with permission.