Back when the first web browsers were becoming publicly available, I used to find network security vulnerabilities for organizations connected to the Internet. When someone released a tool that could automatically find vulnerabilities in your network, the whole industry was in an uproar for a while. Now people realize that the hackers already make their own tools, and you might as well put tools like this in the hands of the good guys.
While we did sometimes find holes in HTML's predecessors, the web has opened up a whole new world of possibilities for attackers. Especially with the rise of AJAX, many developers write code without being completely aware of the potential for injection, cross-site scripting, and other exploits. One of my favorite sessions from Web 2.0 Expo this year was the talk on "Vulnerabilities 2.0" by Alex Stamos, where he showed off effortless exploits. People shouldn't take AJAX security lightly.
At MIX07, we had a number of industry experts talk about AJAX exploits and security. One of the panelists was Dennis Hurst of SPIDynamics. SPIDynamics makes software that can scan your site for AJAX vulnerabilities, regardless of which toolkit you use. We interviewed him to find out more about the tool, and about AJAX security in general.