Tuesday, November 28, 2006

Vulnerability Scanning Web 2.0 Client-Side Components

Web 2.0 applications are a combination of several technologies such as Asynchronous JavaScript and XML (AJAX), Flash, JavaScript Object Notation (JSON), Simple Object Access Protocol (SOAP), Representational State Transfer (REST). All these technologies, along with cross-domain information access, contribute to the complexity of the application. We are seeing a shift towards empowerment of an end-user's browser by loading libraries.

All these changes mean new scanning challenges for tools and professionals. The key learning objectives of this article are to understand the following concepts and techniques:

* Scanning complexity and challenges in new generation Web applications
* Web 2.0 client-side scanning objectives and methodology
* Web 2.0 vulnerability detection (XSS in RSS feeds)
* Cross-domain injection with JSON
* Countermeasures and defense through browser-side filtering