On my last post I received heat from a reader who suggested that I was being biased in favor of AJAX. I like AJAX and, as I wrote in 2004 for DDJ, even before the acronym was coined, it “will have a profound impact on the web-user-interface-design paradigm for years to come”. To be honest, though, there are a lot of things that worry me as I see AJAX sites and services sprouting up. One of those things is security. Transparent asynchronous communication between a web page and the server, carrying the user's session credentials with every request, makes several classes of attack easier to mount. A very interesting incident was the propagation of the Samy worm, which managed to bypass numerous security restrictions and caught the MySpace team unprepared.
Today I received a request to review the “OWASP Testing Guide v2.0”, which looks like a solid approach to providing a toolkit for security experts and developers. As many others have pointed out, as web applications become ubiquitous in our daily lives the need for security becomes more pressing, and that need requires that security considerations be included as early as possible in the software development lifecycle!