SPI Dynamics (known for being experts in security for Web applications) has released a white paper on the dangers of Ajax. It’s a worthy and quick read if you are doing any testing or development with AJAX. Get the paper here.
I’ve seen a lot of activity and focus on implementing secure Ajax solutions, which is a great thing, but I’m telling you people…it’s dangerous if not done right. The more I read and play with it the more I think:
“Ajax…the new, great way to exploit”.
“Bad Ajax implementations…A phishers dream!”
Yeah, yeah… I don’t want to hear your “The technologies used in Ajax aren’t new” crap. The technologies aren’t, but the focus is.