To combat these new threats one needs to look at different strategies as well. In this paper we shall look at different approaches and tools to improve security posture at both, the server as well as browser ends. Listed below are the key learning objectives:
• The need for Ajax fingerprinting and content filtering.
• The concept of Ajax fingerprinting and its implementation in the browser using XHR.
• Processing Ajax fingerprints on the Web server.
• Implementation using ModSecurity for Apache
• Strengthening browser security using HTTP response content filtering of untrusted information directed at the browser in the form of RSS feeds or blogs.
• Web application firewall (WAF) for content filtering and defense against Cross-Site Scripting (XSS)
Requirement for Ajax fingerprints and filtering
Ajax is being used very liberally in next generation Web applications, forming an invisible layer in the browser’s transport stack and bringing to the fore numerous browser-related attacks, all centered around Ajax. Although Ajax applications hold a lot of promise, there are loopholes being exploited by viruses, worms and malicious attackers in Web 2.0 applications that need to be looked at a little more closely. Ajax hides a lot of server-side critical resources due to its calling mechanism, bringing in sloppiness in coding patterns and fueling vulnerabilities in the server-side application layer as well. Untrusted resource processing from blogs, feeds and mash-ups are making Ajax vulnerabilities relatively easy to exploit. In such situations Ajax request and response fingerprinting and filtering mechanisms can enhance the security posture of Web applications. Web 2.0 applications have a special set of resources that are accessed by the web browsers over Ajax calls using the XMLHttpRequest (XHR) object. Resources can be grouped into two broad spaces – one with “Ajax-only” access and other non-Ajax (traditional) resources. In the application architecture, one can wrap security around Ajax resources by creating a separate virtual sandbox for all incoming and outgoing Ajax calls.
Download pdf ModSecurity Use Case: Web 2.0 Defense with Ajax Fingerprinting and Filtering
Related Searches: web server implementation, malicious attackers, server side application, security posture, invisible layer
Categories
Archives
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
Today's Search Terms:
- polo repair manual - passat pillar gauge pod - honda motorcycle manuals online - change tire jetta - canon pixma 1700 driver download - torrent repair manual audi a6 - ford maintenance GUIDE PDF - connecting phone to renault espace - ford escape repair manual download - manual de reparacion pontiac grand prix gratuito - hack your xbox 360 hard drive - DVA-G3170i traffic beetween wired wireless - downloads vista explodida carburador honda gx 160 - maya tutorial of animation character - maya tutorial of animation character - diesel engine service guide - free pdf parts catalog - bmw owners manual online - vw beetle 2002 service manual - Hyundai Sonata Haynes Repair Manual free - Ethernet Cable Wiring Diagram - hardware free ebook - Autocad 2008 español GRATIS - baixar antivirus em java para nokia n 95 gratis - cod4 jeep mod - 2003 honda crf 450 torque specifications - how to change rear wheel bearing vw jetta - parallels desktop 4 manual - cod2 hacks - Volvo S60 Repair Service Manual SoftwareMost Popular
- iPod shuffle User's Guide (Manual)
- Renault Workshop Repair Manual PDF
- VolksWagen Golf and Jetta Routine Maintenance and Servicing Manual
- VolksWagen Golf & Jetta Service and Repair Manual
- Volkswagen Beetle Manual PDF
- Hacking the XBOX 360 for Noobs Tutorial
- VW Golf and Jetta Braking System PDF Manual
- Renault Workshop Repair Manual PDF
- VolksWagen Golf III / Jetta III Wiring Diagram Manual
- Renault All Types Service Manual PDF
Random Posts
- CINDEX for OS X Users Guide Manual
- Self-Study Programme 220 Audi TT Roadster Manual
- 2003 Audi RS6 Equipment pdf
- DEP2410 Specification ( Samsung S3C2410 CPU Board )
- Wireless VoIP Phone
- 10 Tips to Consider When Hiring an SEO Vendor
- Objectivity/.NET for C#
- PCL Printer Control Language Users Guide and Reference Manual
- Maxtor OneTouch II QuickStart Guide For Macintosh OS X pdf
- Troubleshooting csUnit Addin for Visual Studio
Free Ebook Manual Download is proudly powered by WordPress - BloggingPro theme by: Design Disease
RSS feed for comments on this post · TrackBack URI
Leave a reply