The top ten Ajax security vulnerabilities and their causes in Web2.0

Source: Internet
Author: User
Tags data structures eval json require serialization

JavaScript contains Ajax as an important part of Web2.0 applications. The evolution of this part of the network has turned the web into a super platform. The shift also spawned new strains of viruses and worms, such as Yamanner,samy and Spaceflash, among others. Portals such as Google,netflix,yahoo and MySpace have suffered a certain amount of damage over the past few months due to new vulnerabilities. Hackers can exploit these vulnerabilities for phishing, Cross-site scripting (XSS), and cross site forgery (XSRF) requests.

There is no inherent security vulnerability in Ajax, but the adaptation of this technology vector significantly changes the way and methodology of network application development. Previously, when DCOM and CORBA formed the core middleware layer, it was very difficult to serialize data and objects. Ajax uses simple get,post or soap calls to convert Xml,html,js Array,json,js objects and other custom objects; All of these operations do not require the middleware layer to be invoked. This integrated capability of Ajax makes the data exchange between the application server and the browser very smooth. Information from the server side is dynamically injected into the current DOM-related environment, and the browser's DOM state is reset. Before we talk about security vulnerabilities, let's take a look at the key factors contributing to Web2.0 vulnerabilities.

The main difference between multiple distributed terminal point and hidden call--web2.0 application and Web1.0 is the difference of information access mechanism. Compared to its predecessor Web1.0, Web2.0 applications have several AJAX endpoints. The potential Ajax calls are scattered across the entire browser page and can be invoked separately by individual events. Developers hate the fragmentation of Ajax calls, and because these calls are hidden and less obvious, it can also cause code to be irregular.

Authentication confusion--input and output content authentication is one of the important factors of application. Web2.0 applications use bridges, mashups, feedback, and more. In many cases, it assumes that the "other" (Read server or client code) has been authenticated, and that this confusion has resulted in the failure of both parties to implement proper authentication controls.

Untrusted sources of information--web2.0 applications get information from a wide range of untrusted source such as feedback, blogs, and search results. This content is never authenticated before it is delivered to a terminal browser, which can lead to cross-site attacks. It is also possible for hackers to load JavaScript in the browser to force browsers to emit Cross-domain calls and open security vulnerabilities. In that case, these fatal vulnerabilities can be exploited by viruses and worms.

Data serialization-the browser can invoke Ajax to implement data serialization. It can get JS array,objects,feeds,xml files, HTML blocks, and JSON. If one of these sequence blocks is parsed and modified, the hacker can force the browser to execute a malicious script. The combination of untrusted information and data serialization is fatal to the security of the end-user.

Dynamic script composition and execution--ajax creates a back-end channel, fetches data from the server, and then passes it to the DOM. The necessary condition to do this is to dynamically execute javascripts to update the status of the DOM or browser page cache at any time. Ajax by invoking custom functionality or eval () functionality. Unauthorized content or the use of unsafe calls, light causes the content of the session to leak, heavy forcing the browser to execute malicious content and other consequences.

Web2.0 applications may become vulnerable because of the 1 or more errors mentioned above. If the developer is not careful enough to focus on security management, the server and browser side will have security problems. The following is a brief description of 10 possible security vulnerabilities.

(1) Malformed JS object sequence

JavaScript supports object-oriented programming (OOP) technology. It has many different built-in objects and allows the user to create objects of their own. The user can create a new object by using the new object () or by editing the following code.

message = {
from : "john@example.com",
to : "jerry@victim.com",
subject : "I am fine",
body : "Long message here",
showsubject : function(){document.write(this.subject)}
};

This is a simple message object, where 2 fields require an e-mail address. We can use Ajax to serialize the object and compile it with JavaScript code. The programmer can assign it to a variable or eval (). If an attacker sends a malicious "subject" embedded in a script, the reader becomes the victim of a cross-site scripting attack. A JS object contains both data and methods. Improper use of the JS object sequence will create a security vulnerability that can be exploited by crafty injection code.

(2) JSON to inject

JavaScript object symbol (JSON) is a simple and effective small data interchange format that contains objects, arrays, hash tables, vectors, and list data structures. JavaScript, Python, C, C + +, C #, and Perl languages all support JSON. The JSON sequence is a very effective exchange mechanism in Web2.0 applications. Developers frequently use Ajax and JSON to get and transmit the necessary information to the DOM. The following is a simple JSON object with a different name value pair: the "Bookmarks" object.

{"Bookmarks": [{"link": "www.example.com", "Desc": "Interesting Link"}]}

Hackers can inject malicious script into link or desc. If the DOM and executable programs are injected, the XSS directory is also injected. This is another way of infecting end users with malicious content.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.