<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xml:base="http://java.sys-con.com"  xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
 <title>Articles by Frank Nimphius</title>
 <link>http://java.sys-con.com/</link>
 <description>Latest articles from Frank Nimphius</description>
 <language>en</language>
 <copyright>Copyright 2008 SYS-CON Media</copyright>
 <generator>SYS-CON Media</generator>
 <lastBuildDate>Thu, 28 Aug 2008 20:16:26 EDT</lastBuildDate>
 <docs>http://backend.userland.com/rss</docs>
 <ttl>10</ttl>
<item>
 <title>Application Security in AJAX</title>
 <link>http://java.sys-con.com/node/436281</link>
 <description>If you have evaluated AJAX (Asynchronous JavaScript and XML) for your next Web application development project, then you probably have read or heard a great deal about AJAX security concerns and the claim that AJAX increases the attack surface for hackers. If you are a skilled security developer, you might wonder whether the AJAX security problem originates in the technologies involved or whether lack of security in AJAX is a misconception. Security threats like SQL injection, cross-site scripting (XSS), message spoofing, and failed input validation existed before in Web applications and have been solved many times since then.</description>
 <pubDate>Sun, 07 Oct 2007 09:30:00 EDT</pubDate>
 <guid isPermaLink="true">http://java.sys-con.com/node/436281</guid>
</item>
<item>
 <title>Application Security in AJAX</title>
 <link>http://java.sys-con.com/node/430930</link>
 <description>If you have evaluated AJAX for your next Web application development project, then you probably have read or heard a great deal about AJAX security concerns and the claim that AJAX increases the attack surface for hackers. If you are a skilled security developer, you might wonder whether the AJAX security problem originates in the technologies involved or whether lack of security in AJAX is a misconception.</description>
 <pubDate>Fri, 21 Sep 2007 18:00:00 EDT</pubDate>
 <guid isPermaLink="true">http://java.sys-con.com/node/430930</guid>
</item>
<item>
 <title>Effective Page Authorization In JavaServer Faces</title>
 <link>http://java.sys-con.com/node/250254</link>
 <description>Application security - the art of applications defending themselves - represents an important line of defence in an overall in-depth security strategy. Web applications that follow the Model-View-Controller (MVC) architecture can, and should, have security implemented on all three layers. Normally it&#039;s the controller component that handles page authorization in MVC, the view layer that hides controls and information based on user authorization, and the model that enforces the business rules and input validation. However, it&#039;s up to the developer, based on an individual security policy and the programming technology used, to decide where to put security. Using pluggable validator components in JavaServer Faces (JSF), for example, developers may decide to verify user input on the view layer as well as on the model layer.</description>
 <pubDate>Thu, 10 Aug 2006 17:15:00 EDT</pubDate>
 <guid isPermaLink="true">http://java.sys-con.com/node/250254</guid>
</item>
</channel>
</rss>
