12. Attacking the Presentation Layer

Myth: Styling information is relatively benign and cannot be used to attack Ajax applications.

In these days of mashups and user-supplied content, more and more Web developers are creating Web sites that allow users to exert some control over how page elements are styled and rendered. Most developers are unaware that an attacker can perform a variety of attacks purely by controlling how content is rendered. Styling information is also a place where references to older, out-of-date, beta, and even privileged content can be found. Harvesting these references can provide an attacker with more parts of your Ajax application to explore and attack. In this chapter we focus on how attackers can exploit an application ...
