AJAX and Mashup security
School of Science
Master's thesis
Authors
Rahman, S. M. Moshiur
Date
2010
Major/Subject
Computer Networks (Tietokoneverkot)
Mcode
T-110
Language
en
Pages
[8] + 67
Abstract
One of the core components of Web 2.0 applications is AJAX. The use of AJAX has transformed the web into a super platform. But this technological change has also given rise to new types of worms and viruses, such as Yamanner and Samy. Different web applications like Google, Yahoo and MySpace have experienced new vulnerabilities. Web applications that combine data from different sources are becoming increasingly useful. An AJAX mashup is a hybrid application. It uses AJAX techniques to present a rich user interface and updates content that it retrieves asynchronously from different sources or content. Current browser security models were not designed to support such applications. Mashups bring new security issues, which open up different avenues of attack if proper security policies do not exist in the web application. Web 2.0 applications also increase the possibility of different kinds of attacks, such as Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) and JavaScript Hijacking. This thesis focuses on AJAX and mashup security. The most important technologies used in creating mashups, like AJAX, and the basic functionality behind mashups are introduced briefly. After that, the security issues concerning the technologies, the principles of mashups and the current security model of web browsers are discussed. Prevention methods against different vulnerabilities are also described in this thesis.
Supervisor
Aura, Tuomas
Thesis advisor
Tarkoma, Sasu
Sarjakoski, Liia
Keywords
Web 2.0, AJAX, Mashup, XSS, CSRF