Why is penetration testing of Ajax-based applications essential?
Like other client-centric technologies, AJAX applications are vulnerable too. Incorrect and insecure coding practices can lead to multiple attacks such as SQL injection, tampering with user-supplied input on web forms, and authentication bypass. In addition, AJAX applications can be vulnerable to new classes of attack such as Cross Site Request Forgery (XSRF).
How do we pen-test Ajax apps?
The Valency Networks cyber security technical team first understands the architecture and decides the scope of Ajax used in the application. We use various penetration testing tools and also apply manual methods to define possible attack vectors. We then dig further into the Ajax calls to the backend to map the perimeter of application security, and the outcome is a set of vulnerabilities which can potentially lead to a programmatic or man-made attack. During Ajax penetration testing, we go from the network layer, through the session layer, all the way up to the application layer. We also perform intrusive tests, such as modifying Ajax requests on the fly, to simulate a typical hacker's penetration methodologies.