| With the rapid development of Internet, the model of passively receiving information from web site can no longer meet users' requirements of browsing experience. Then AJAX technology emerged, it communicates with Web server asynchronously through JavaScript object. Users can continue to do other operations without waiting for server response. Page updating is done in a partial and dynamic way. Thus AJAX applications can provide smooth and fast user experience just like desktop applications.However, AJAX also introduced corresponding security threats. In AJAX framework, security threats are more harmful and more difficult to prevent than the traditional ones. Some AJAX application developers focus mainly on realizing all the functions but neglects safety considerations. These lead to the fact that most of the AJAX applications have security risks of various kinds.In this paper, detailed research will be done to see AJAX from a security point of view.Firstly, research background and research content will be shown to define issues to be resolved.Then AJAX components, their roles, characteristics and advantages of AJAX architecture will be introduced. Also the relating security risk will be pointed out. The paper will analyses how AJAX architecture affects traditional Web security threats and what new security threats it brings in. Deduction will be made on AJAX security threat trends combining with existing vulnerability types and attack methods.For Web worms in AJAX framework, the paper studies its characteristics when it sends http request data packets, then analyses on the principles of detection and gives the overall design of the detection system and module design.Finally the paper provides strategy to prevent Web attacks in AJAX framework from a security point of view. |
PDF Full Text Request