You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > Java

Java White Papers

AJAX Apps Ripe Targets for JavaScript Hijacking

Tags:
java,
google,
.net,
ajax

Overview A pervasive vulnerability that allows an attacker to take over any Web browser and silently intercept sensitive data input occurs in Web 2.0 settings from Yahoo to ASP .Net to Google, security firm Fortify says. The vulnerability - which allows an exploit called JavaScript Hijacking - can be found in the biggest AJAX frameworks out there, including three server-integrated toolkits: Microsoft ASP.Net AJAX (aka Atlas), Google Web Toolkit and xajax - the last of which is an open-source PHP-class library implementation of AJAX.

Further White Paper Details
Publisher	Ziff Davis Media	File Format	PDF
Date Published	April 2007
Format	White Papers
Topics	Java, Application Development

Did you find this white paper useful? 6 out of 15 users found this white paper useful

Five JavaScript Frameworks: A Point-by-Point Comparison

There are a multitude of JavaScript frameworks available today for programming rich client-side interactions in web applications. With many such different options, it is important to choose a framework that...

Publisher:
Harbinger Systems

Tags:
java

Increase Reliability with IBM WebSphere File Transfer Edition (FTE)

"Does your organization still use FTP software? Did you know these links require 3 to 4 times more time and effort to build and maintain versus SOA-based Application Integration projects?...

Publisher:
IBM

Tags:
application servers

Outsourcing the data centre to a carrier neutral data centre operator in Europe

Should you outsource your data centre? You should if your organization has mission critical IT services, latency dependent Web services, business critical applications, or Internet centric services that need to...

Publisher:
Telecity Group

Tags:
knowledge and data management

Increase developer productivity using IBM RationalTM and WebSphereTM.

Even in a down economy, it's important to deliver services quickly. This Webcast presentation shows how by using solutions from Rational and WebSphere, development teams can leverage the latest Web...

Publisher:
IBM

Tags:
infrastructure management

Improved Scalability Boosts Agora's Ability to Deliver Web-Based Advertising

Agora SA wanted to improve the performance of the ad server supporting Gazeta.pl and address a sudden increase in the volume of ads in the system, stemming from Agora's launch...

Publisher:
Oracle

Tags:
scalability

New IE flaw rated as "critical"

An attacker could craft a malicious website that takes advantage of the flaw and gain control over the PCs that visit the website, or install malicious software on those systems, a representative of the French Security Incident Response Team...

Channel:
Security Strategy

Yahoo! plugs webmail flaw

An attacker could exploit this type of flaw to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users' computers, experts have said. The flaw, known as a cross-site scripting vulnerability...

Happy 10th birthday Mozilla - there's a bug in your cake

Insufficient security validation of input file names in the Firefox header lets an attacker order the browser to access files it is not supposed to be able to access. Mozilla has assigned a "low" severity rating to the flaw, and the vulnerability...

Android security hole gets patched up

Earlier, Google appealed for what it called "responsible disclosure" of security vulnerabilities - in other words, a grace period to fix problems before they're made public to reduce the likelihood an attacker will get a chance to exploit a...

Microsoft: IE at risk from security hole

Microsoft's updated advisory lists a number of mitigating factors: Protected Mode in IE 7 and IE 8 in Windows Vista limits the impact of the vulnerability; IE on Windows Server 2003 and 2008 runs in a restricted mode known as Enhanced Security...

Microsoft releases emergency patch to plug critical ActiveX hole

Microsoft first warned about the ActiveX issue on 6 July, saying a vulnerability in its Video ActiveX Control could allow an attacker to take control of a PC if the user visits a malicious website and attackers were exploiting the hole.

Featured White Papers

The Value of Location Intelligence in the Communications Industry

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities and government departments make more informed decisions and derive greater value from current location-based information and data. Read this whitepaper to see how you can take advantage of location intelligence.

Publisher:
Pitney Bowes

Best Practices for Translating Customer Satisfaction into Revenue

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language. How do you quantify customer satisfaction? Download the Best Practices for Benchmarking Customer Satisfaction to get industry research the Association of Support Professionals (ASP) on how to measure and leverage customer satisfaction.

Publisher:
Citrix Online

HP print solutions and 3M

the objective for 3M was to optimize office printing infrastructure at 3Mlocations worldwide Reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print soultions, More than $3 million in savings in first two years and Per page costs reduced by up to 90 percent.