FRIDAY, SEPTEMBER 05, 2008



	MY ACCOUNT LOGIN

PASSWORD:

FORGOT YOUR PASSWORD?

SOA CONSULTING SERVICES
ASSISTING COMPANIES ACHIEVE THEIR SOA GOALS

WEB SERVICES

XWEBEMAILVALIDATION [tool]

XWEB1003 [real estate]

XWEBACHDIRECTORY [financial]

XWEBCHECKOUT [ecommerce]

XWEBTD [ecommerce]

XWEBNEWS [content mgmt.]

SUCCESS STORIES

SOA Portal - SOAHub.com

SOA information portal dedicated to the advancement of Service Oriented Architecture (SOA):

	Enterprise Architecture - guides, white papers, case studies
	SOA Consulting Services
	Web Services Directory
	SOA Services / Service Providers Directory
	SOA Solutions / Solution Providers Directory
	News / Press Releases
	Online Forum (Message Boards)
	Job Opportunities

browse portal

Web Services, SOA Solutions, SOA Services - XWebServices.com


HOME	WEB SERVICES	SOA SOLUTIONS	SOA SERVICES	ABOUT US

FEATURED WEB SERVICE

XWebEmailValidation
XML/SOAP based Web Service which provides real time Email address validation for client applications.

HOME :: NEWS :: ARCHIVE :: FEB 2007

:: Web Services and SOA News ::

Scanning AJAX for Cross-Site Scripting Entry Points

The continuous adoption of Web 2.0 architecture for web applications is instrumental in AJAX, Web services and Flash, emerging as key components. AJAX is a combination of technologies such as JavaScript with the XMLHttpRequest object, DOM and XML streams.

Cross site scripting (XSS) can make browsers vulnerable to critical information hijacking if exploited with malicious intent. XSS is already categorized as persistent [1], non-persistent [1] and DOM-based [2]. AJAX code loaded in browser can have entry points to XSS and it is the job of the security analyst to identify these entry points. It is difficult to decisively conclude that possible entry points to an application can be exploited. One may need to do a trace or debug to measure the risk of these entry points. This article introduces you to a quick way to identify XSS entry points in an application.