Ajax Security by Bryan Sullivan, Billy Hoffman

13 JavaScript Worms

Myth: Ajax has not increased the damage Cross-Site Scripting attacks can do.

As we saw in Chapter 10, “Request Origin Issues,” malicious JavaScript can leverage a user’s credentials to send fraudulent HTTP requests to Web servers, and those requests look identical to normal user activity. XMLHttpRequest allows malicious JavaScript to send requests and analyze the response 15 times faster than any pre-Ajax method. This enormous jump in request speed has made it practical for malicious JavaScript to send lots of requests in a very short amount of time. This has led to the rise of JavaScript worms, which need these rapid, silent requests to propagate and inflict damage. To date, virtually every JavaScript worm (Samy, Yamanner, Xanga, MySpace ...
