摘要
Ajax可为Web应用提供丰富的事件和语义操作,正在成为互联网应用和企业信息系统开发的一种革命性技术。但是,如果对采用Ajax技术而导致Web应用体系结构的变化所引起的安全风险没有足够的重视,Ajax技术将可能使Web应用引入更多的内在安全风险。文中通过对Ajax技术原理的综述,分析了Ajax技术的安全隐患及其可能导致的各种安全漏洞,提出了Ajax应用的安全开发原则,最后讨论了支持Ajax应用安全评测的软件工具。
Ajax can provide rich event and semantic operation for Web applications, and thus becomes a revolutionary technology in the development of Internet application and enterprise information system. However, if the great importance is not attached to the safety risk introduced by the usage of Ajax and resulted in the changes of Web application infrastructure, more intrinsic security problems would be introduced by Ajax in the Web application. Based on the technical review on Ajax, various kinds of possible security vulnerabilities on Ajax are analyzed, the safety development principles of Ajax-based applications proposed, and the state-of-art security test tools for Ajax discussed.
出处
《信息安全与通信保密》
2012年第1期80-83,共4页
Information Security and Communications Privacy
关键词
AJAX
安全漏洞
安全开发
安全评测
Ajax
security vulnerabilities
safety development
security test