AJAX Security

AJAX adds one more wrinkle to web security. I find that videos and demonstrations help me understand subtle topics like this.

Videos

• Security in ASP.NET AJAX Client Applications - In this webcast, we cover Microsoft ASP.NET AJAX client application security from every angle. We discuss the common security attacks your applications may encounter and how to protect against them.
• How Do I: Secure my Site using Membership and Roles?  - Learn how to secure a web site using the new Membership and Roles features of ASP.NET 2.0. Topics include user registration, password recovery, and restricting access to content with roles.

Webcasts

From a series of Webcasts that Joe Stagner put together, this is a five part series on Ajax and Security. Long, but worth your time.

• Live From Redmond: AJAX Security Basics- The Building Blocks to Protecting Your Applications Built with ASP.NET AJAX
• Live From Redmond: How Hackers Reverse Engineer and Exploit an ASP.NET AJAX Application
• Live From Redmond: The Brave New World of AJAX Hacking (and prevention using ASP.NET)
• Live From Redmond: The Next Generation of AJAX Attacks – A New Generation of Attack Theories
• Live From Redmond: Best Practices: A Look at Developer ASP.NET AJAX Security Mistakes

Blogs

• Michael Schwarz on Ajax and Security - In this post Michael shows us how subtle security can be in a world of JavaScript.

Enjoy.