Ajax seems to give a better user experience, but I'm not so sure if I take the right steps to protect and secure my application.
Ajax似乎提供了更好的用户体验,但我不确定我是否采取了正确的步骤来保护和保护我的应用程序。
Is there a checklist of things I must pay attention to?
是否有我必须注意的事项清单?
2 个解决方案
#1
4
AJAX applications has the same vulnerabilities than other kind of web application:
AJAX应用程序与其他类型的web应用程序具有相同的弱点:
- XSS
- XSS
- SQL Injection
- SQL注入
- Privilege Escalation
- 特权升级
- Information Disclosure
- 信息披露
- etc.
- 等。
But if you want to avoid these common "safe" feel that an AJAX application can give you because normal users will no see the undergoing request you should check the OWASP AJAX Security Guidelines.
但是,如果您想避免这些常见的“安全”感觉,AJAX应用程序可以为您提供,因为普通用户看不到正在进行的请求,您应该检查OWASP AJAX安全性指南。
#2
0
AJAX does not add security your application. If what you mean is to protect it from hackers there's a lot of things you might consider.
AJAX不添加应用程序的安全性。如果你的意思是保护它不受黑客攻击,你可能会考虑很多事情。
Authentication Encryption Validation Etc..
身份验证加密验证等。
#1
4
AJAX applications has the same vulnerabilities than other kind of web application:
AJAX应用程序与其他类型的web应用程序具有相同的弱点:
- XSS
- XSS
- SQL Injection
- SQL注入
- Privilege Escalation
- 特权升级
- Information Disclosure
- 信息披露
- etc.
- 等。
But if you want to avoid these common "safe" feel that an AJAX application can give you because normal users will no see the undergoing request you should check the OWASP AJAX Security Guidelines.
但是,如果您想避免这些常见的“安全”感觉,AJAX应用程序可以为您提供,因为普通用户看不到正在进行的请求,您应该检查OWASP AJAX安全性指南。
#2
0
AJAX does not add security your application. If what you mean is to protect it from hackers there's a lot of things you might consider.
AJAX不添加应用程序的安全性。如果你的意思是保护它不受黑客攻击,你可能会考虑很多事情。
Authentication Encryption Validation Etc..
身份验证加密验证等。