AJAX - The Complete Reference

7 Security Concerns


The Internet can be a hostile place. There is no telling what the intentions of visitors to
your site or application are. Wise developers always err on the side of caution and
expect the unexpected. Ajax doesn’t radically change this situation, as applications
built with the technology are not inherently any more insecure than other Web applications
that are typically far too trusting. Despite what some pundits claim, the attack surface
hasn’t increased with Ajax, but the interest in what to attack certainly has. Intruders are
now more interested than ever in JavaScript attacks, particularly those that can utilize Ajax
or traditional JavaScript communication techniques to deliver their exploits. In this chapter,
our aim is to present only the briefest refresher on Web application security practices so that
you can ensure that you are addressing these points. Then we will spend the bulk of our
effort discussing the particular security concerns that Ajax may appear to introduce or at
least amplify. However, given that security concerns change almost daily, our goal will be to
present the consistent general attacks and countermeasures and provide demonstrations of
these ideas where possible, rather than focus on specific bugs or timely concerns that will
certainly be out of date. Where possible, we modify the library initially introduced in
Chapter 5 to include features or utilities to help support Ajax use.

The Web Attack Surfaces


When looking at the Web environment, a potential intruder sees a number of places to
attack. The attack surfaces roughly break into three areas: client-side attacks, network- or
transmission-focused attacks, and server-side attacks. Users and site owners are also in the
list of attack surfaces, as they can often be manipulated using social engineering techniques
and, just as easily as systems, can be compromised. All these targets are shown in Figure 7-1.
As Figure 7-1 shows, the ultimate aims of compromise are not always the target itself.
For example, if the target is the server, the hacker certainly may try to compromise it
directly for access to what it contains, but maybe their true goal is to use it as a launching
pad or intermediary to attack another site or use it to attack clients that access the server.
Further, client attacks may focus on the client itself, either to take some valuable data from it or
to compromise and control the endpoint so it can be used in a distributed denial-of-service attack
against some site. Since clients may sit on private networks not directly attached to the Internet,
compromising a client can also serve as a stepping stone to monitor or attack other systems on the
network behind the local firewall. On an open network, the attacker aims to intercept traffic
between client and host for any number of

283
