AJAX and Mashup security

School of Science | Master's thesis

Authors

Rahman, S. M. Moshiur

Date

2010

Major/Subject

Computer Networks

Mcode

T-110

Language

en

Pages

[8] + 67

Abstract

One of the core components of Web 2.0 applications is AJAX. The use of AJAX has transformed the web into a super platform. But this technological change has also given rise to new types of worms and viruses, such as Yamanner and Samy. Different web applications like Google, Yahoo and MySpace have experienced new vulnerabilities. Web applications that combine data from different sources are becoming increasingly useful. An AJAX mashup is a hybrid application. It uses AJAX techniques to present a rich user interface and updates content that it retrieves asynchronously from different sources. Current browser security models were not designed to support such applications. Mashups bring new security issues that open up different avenues of attack if proper security policies do not exist in the web application. Web 2.0 applications also increase the possibility of different kinds of attacks, such as Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) and JavaScript Hijacking. This thesis focuses on AJAX and mashup security. The most important technologies used in creating mashups, like AJAX, and the basic functionality behind mashups are introduced briefly. After that, the security issues concerning the technologies, the principles of mashups and the current security model of web browsers are discussed. Prevention methods against different vulnerabilities are also described in this thesis.

Supervisor

Aura, Tuomas

Thesis advisor

Tarkoma, Sasu
Sarjakoski, Liia

Keywords

Web 2.0, AJAX, Mashup, XSS, CSRF
