How to Develop secure Ajax applications

Source: Internet
Author: User

Ajax is now the most popular Web application development technology, but at the same time it has made Web applications the weakest and most exposed layer of the IT architecture. Compared with traditional Web applications, Ajax applications greatly increase the interaction between client and server and expose some back-end business logic interfaces directly to the client. If the server side is not sufficiently protected, or does not check the validity of client requests, an attacker can use those interfaces to access the system and cause damage. How can developers ensure the security of Ajax applications in their projects? Here is a checklist of best practices that I have collected, and I hope they will help you.

1. Input validation. I described how to perform Web application security testing and input validation in a previous blog post. There are two approaches to input validation: blacklisting, which lists all known illegal input and rejects it, and whitelisting, which lists the valid input formats and rejects anything that does not match one of them. From a security standpoint, whitelisting is safer than blacklisting, because a blacklist can only block what the author has already thought of.

2. Avoid dynamic generation and execution of code as much as possible, and in particular avoid using the eval function in JavaScript.

3. Check a JSON object before it is used. Because JSON is also valid JavaScript, a JSON response may contain harmful code; therefore JSON objects must be verified before use to ensure they are safe. The verification can be done with a regular expression, or by using a JSON parser rather than evaluating the text as script before conversion.
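Items 1 and 3 together, as an added example that is not part of the original article: the Ajax response is parsed with JSON.parse instead of eval, so no part of it can execute, and each field is then checked against a whitelist of accepted formats; unknown fields are dropped. FIELD_RULES, parseAndValidate and the sample response bodies are constructed for this illustration.

```javascript
// Added example (not from the original article): parse an Ajax JSON response
// with JSON.parse instead of eval, then whitelist-validate each field before use.

// Whitelist: for each expected field, the only format we accept.
const FIELD_RULES = {
  id:       /^[0-9]{1,10}$/,             // numeric id, at most 10 digits
  username: /^[A-Za-z0-9_]{3,16}$/,      // short alphanumeric handle
  email:    /^[^\s@]+@[^\s@]+\.[^\s@]+$/ // simple email shape
};

// Returns { ok: true, data } for a well-formed object, or { ok: false, error }.
// Never throws and never executes any part of the input.
function parseAndValidate(body) {
  let obj;
  try {
    obj = JSON.parse(body);   // JSON.parse only builds data; eval would run code
  } catch (e) {
    return { ok: false, error: 'malformed JSON' };
  }
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    return { ok: false, error: 'expected a JSON object' };
  }
  const data = {};
  for (const key of Object.keys(FIELD_RULES)) {
    const raw = obj[key];
    // Accept strings and numbers only; objects, arrays, booleans are rejected.
    const value = (typeof raw === 'string' || typeof raw === 'number') ? String(raw) : null;
    if (value === null || !FIELD_RULES[key].test(value)) {
      return { ok: false, error: `field "${key}" missing or invalid` };
    }
    data[key] = value;        // copy only whitelisted, validated fields
  }
  // Any key not in the whitelist (an unexpected "extra" or "__proto__" key)
  // is dropped here rather than propagated into application state.
  return { ok: true, data };
}

// Constructed sample responses: one valid, one that is JavaScript rather than
// JSON (JSON.parse rejects it, eval would have run it), one with a bad field.
const GOOD = '{"id":42,"username":"alice_01","email":"alice@example.com","extra":"x"}';
const NOT_JSON = '({"id":42}); alert(document.cookie)';
const BAD_FIELD = '{"id":42,"username":"<script>","email":"alice@example.com"}';

console.log(parseAndValidate(GOOD));      // { ok: true, data: { id: '42', ... } }
console.log(parseAndValidate(NOT_JSON));  // { ok: false, error: 'malformed JSON' }
console.log(parseAndValidate(BAD_FIELD)); // { ok: false, error: 'field "username" ...' }
```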

4. Use an IFRAME when referencing untrusted content, so that it is isolated from the page's own scripts.

5. Do not use Ajax everywhere. Ajax exists to improve the interactivity of applications, so it should be used only where strong interaction is needed; in scenarios that merely display information, the traditional page-based approach is more secure.

6. Minimize the amount of network traffic generated by interactions. Frequent Ajax requests not only hurt usability but also enlarge the attack surface. Therefore use Ajax only where necessary, and do not use it to perform large partial-page refresh operations.

7. Finally, use Ajax security scanning tools to check the application.