Ajax Security by Bryan Sullivan, Billy Hoffman

12 Attacking the Presentation Layer

Myth: Styling information is relatively benign and cannot be used to attack Ajax applications.

In these days of mashups and user-supplied content, more and more Web developers are creating Web sites that allow users to exert some control over how page elements are styled and rendered. Most developers are unaware that an attacker can perform a variety of attacks purely by controlling how content is rendered. Styling information is also a place where references to older, out-of-date, beta, and even privileged content can be found. Harvesting these references can provide an attacker with more parts of your Ajax application to explore and attack. In this chapter we focus on how attackers can exploit an application ...
