| As the Internet has become more mature, WEB applications featuring responsive user interfaces and maintainability capabilities have become increasingly popular. However, classic WEB applications have generally exhibited problems such as slow performance and heavy network traffic. So, a new design for the web--Ajax appeared recently. Because Ajax minimizes traffic to the server by sending and requesting just the minimum amount of data needed, it can make Web-based applications more responsive, interactive, and customizable. In short, Ajax recreate the seamless user experience of most other desktop applications. AJAX framework is regarded as the standard for Web service of next generation with the title of Web2.0.At first, this paper analyzes the infrastructure of AJAX Web service. With the study on AJAX technical base, component structure and work flow, not only the advantage of AJAX framework is entirely demonstrated, but the weakage of AJAX framework is pointed out.Secondly, we research the security issues that AJAX framework faces. By analyzing various injection issues, web browser issue, cross domain issue, AJAX bridge issue and malicious Javascript issue. Etc, all attack methods against AJAX framework are brought forward.Then the only two existing AJAX worms are dissected in details with anatomise of their mechanism and technology. To improve these premature worms, we give all tech-developments and components structure of next generation AJAX worms. The approaches to implement new cyber AJAX worm are proven feasible in this section.In the last, we research a series of algorithm and solution to detect attacks on AJAX framework and to evaluate security holes in AJAX framework. We also present a dozen of important security polices on AJAX framework development, which may reduce threats on AJAX framework mostly in the future. |
PDF Full Text Request