COD 153: Fundamentals of Secure AJAX Code
This course introduces security issues and challenges specific to AJAX applications. It provides an overview of AJAX technology and presents common AJAX application vulnerabilities and attack vectors. Upon completion of this class, participants will be able to identify the differences between regular and AJAX applications, common AJAX vulnerabilities that attackers tend to exploit, and major threats to AJAX applications from cross-site scripting, cross-site request forgery, and injection attacks. The course includes Knowledge Checks, Module Summaries, and links to additional online resources.
- Describe the architectural difference between regular web applications and Ajax applications
- Describe the special security challenges posed by Ajax applications
- Identify the ways in which attackers exploit common weaknesses in Ajax applications
- Detail the application-layer security vulnerabilities that Ajax commonly exposes, including cross-site scripting, cross-site request forgery, and injection attacks
- Describe persistent XSS and reflective XSS, and how CSRF attacks are carried out
- Identify the injection attacks that have the most impact on Ajax applications: XML injection, JSON injection, and XPath injection