Threat Analysis for AJAX

Despite being criticized as a “faux-meme”, Web 2.0 has caught on to define the new Internet paradigm: the Web as a lever for collaboration, collective intellect and interaction. In Web 2.0, services get smarter as more people use them, and more powerful as they are combined with other services. Blogs, wikis and mashups are all testaments to the success and power of Web 2.0. Mashup applications in particular have caught attention, as they combine services from various providers and serve them in AJAX-enabled web pages. Most web companies have already provided their APIs to the public in the hope that creative minds would make something better out of their standalone services by “mashing them up”. This document identifies security threats to AJAX and Web 2.0 applications, mashups in particular, along with their implications and countermeasures.

By: Naishin Seki, Mine Altunay, Sachiko Yoshihama, Satoshi Makino, Michiharu Kudo, and Naohiko Uramoto

Published in: RT0671 in 2007

This Research Report is not available electronically. Please request a copy from the contact listed below. IBM employees should contact ITIRC for a copy.

Questions about this service can be mailed to reports@us.ibm.com.