search query: @keyword web 2.0 / total: 39
results-list
reference: 7 / 39
« previous | next »
Author:Rahman, S. M. Moshiur
Title:AJAX and Mashup security
Publication type:Master's thesis
Publication year:2010
Pages:[8] + 67      Language:   eng
Department/School:Informaatio- ja luonnontieteiden tiedekunta
Main subject:Tietokoneverkot   (T-110)
Supervisor:Aura, Tuomas
Instructor:Tarkoma, Sasu ; Sarjakoski, Liia
OEVS:
Electronic archive copy is available via Aalto Thesis Database.
Instructions
close

Reading digital theses in the closed network of the Aalto University Harald Herlin Learning Centre

In the closed network of Learning Centre you can read digital and digitized theses not available in the open network.

The Learning Centre contact details and opening hours: https://learningcentre.aalto.fi/en/harald-herlin-learning-centre/

You can read theses on the Learning Centre customer computers, which are available on all floors.

Logging on to the customer computers

  • Aalto University staff members log on to the customer computer using the Aalto username and password.
  • Other customers log on using a shared username and password.

Opening a thesis

  • On the desktop of the customer computers, you will find an icon titled:

    Aalto Thesis Database

  • Click on the icon to search for and open the thesis you are looking for from Aaltodoc database. You can find the thesis file by clicking the link on the OEV or OEVS field.

Reading the thesis

  • You can either print the thesis or read it on the customer computer screen.
  • You cannot save the thesis file on a flash drive or email it.
  • You cannot copy text or images from the file.
  • You cannot edit the file.

Printing the thesis

  • You can print the thesis for your personal study or research use.
  • Aalto University students and staff members may print black-and-white prints on the PrintingPoint devices when using the computer with personal Aalto username and password. Color printing is possible using the printer u90203-psc3, which is located near the customer service. Color printing is subject to a charge to Aalto University students and staff members.
  • Other customers can use the printer u90203-psc3. All printing is subject to a charge to non-University members.
Location:P1 Ark Aalto  6921   | Archive
Keywords:Web 2.0
AJAX
Mashup
XSS
CSRF
Abstract (eng): One of the core components of Web 2.0 applications is AJAX.
The use of AJAX has transformed the web into a super platform.
But this technological change has also given new types of worm and virus, such as Yamanner and Samy.
Different web applications like Google, Yahoo and MySpace have experienced new vulnerabilities.
Web applications that combine data from different sources are becoming increasingly useful.

An AJAX mashup is a hybrid application.
It uses AJAX techniques to present a rich user interface and updates content that it retrieves asynchronously from different sources or content.
Current browser security models were not designed to support such applications.

Mashup brings new security issues which provide different ways of attacks if proper security policies are not exist in web application.
Web 2.0 applications also increase the possibility of different kinds of attacks such as Cross-site scripting (XSS).
Cross-site Request Forgery (CSRF) and JavaScript Hijacking etc.

This thesis focuses on the AJAX and Mashup security.
The most important technologies used in creating mashups, like AJAX, and the basic functionality behind the mashups are introduced briefly.
After that the security issues concerning the technologies, the principles of mashups and the current security model of web browsers are discussed.
Also, prevention methods against different vulnerabilities are described in this thesis.
ED:2011-05-05
INSSI record number: 41636
+ add basket
« previous | next »
INSSI