Subverting Ajax
09 Feb 2010, 00:00
Abstract - The ability of modern browsers to use asynchronous requests introduces a new type of attack vector. In particular, an attacker can inject client-side code to totally subvert the communication flow between client and server. In fact, the advanced features of Ajax frameworks build up a new transparent layer not controlled by the user.

This paper will focus on security aspects of Ajax technology and on their influence upon privacy issues. Ajax is not only a group of features for web developers: it's a new paradigm that allows leveraging the most refined client-side attacks.

Index Terms - Ajax Security, Universal Cross Site Scripting, Code Injection, Cache Poisoning, Prototype Hijacking, Auto Injecting Cross Domain Scripting

I. INTRODUCTION
Ajax[1] is an acronym for Asynchronous JavaScript And XML. Ajax is not a new programming language; it is an umbrella term that describes a group of features and enhancements that improve the appearance and functionality of traditional web sites. Ajax relies on XMLHttpRequest[2], CSS, DOM and other technologies; the main characteristic of Ajax is its “asynchronous” nature, which makes it possible to send and receive data from the server without having to refresh the page. Common Ajax implementations can be found in various languages and libraries like ActiveX, Flash and Java applets.