Ajax based applications Pen Testing

Similar to Flash, Microsoft Silverlight is a "thick client" application interface used to enhance the user's experience. The underlying web service calls made by Silverlight are exposed to attack, so it is important to map those calls, identify their vulnerabilities and create fixes.

Why is penetration testing of Ajax based applications essential?

AJAX (Asynchronous JavaScript and XML) is a development technique used to create highly responsive web applications. It uses the XMLHttpRequest object and JavaScript to make asynchronous requests to the web server, parse the responses and then update the page's DOM, HTML and CSS. Instead of reloading the whole page, only a specific portion of the page is updated, which reduces processing overhead on both the server and the client.

Like other client-centric technologies, AJAX applications are vulnerable too. Incorrect and insecure coding practices can lead to multiple attacks such as SQL injection, tampering with user-supplied inputs on web forms, authentication bypass and so on. In addition, AJAX applications can be vulnerable to newer classes of attack such as Cross Site Request Forgery (XSRF), because the browser attaches the session cookie to every request the Ajax endpoint receives, whether or not the page that triggered it belongs to the application.

How do we pen-test Ajax apps?

Valency Networks' cyber security technical team first understands the architecture and decides the scope of Ajax used in the application. We use various penetration testing tools and also perform manual methods to define possible attack vectors. We then dig into the Ajax calls to the backend to map the application's security perimeter; the outcome is a set of vulnerabilities which could lead to a programmatic or human-driven attack. During Ajax penetration testing we work from the network layer, through the session layer, all the way up to the application layer. Intrusive tests, such as modifying Ajax requests on the fly to simulate a typical attacker's methods, are performed too.