Ajax Fingerprinting for Web 2.0 Applications
by Shreeraj Shah - net square - Tuesday, 30 January 2007.
Fingerprinting is an age old concept and one that adds great value to assessment methodologies. There are several tools available for fingerprinting operating systems (nmap), Web servers (httprint), devices, etc. Each one of these tools uses a different method – inspecting the TCP stack, ICMP responses, HTTP responses. With this evolution of Web 2.0 applications that use Ajax extensively, it is important to fingerprint Ajax tools, framework or library used by a particular web site or a page. This paper describes the method of doing Ajax fingerprinting with a simple prototype serving as an example.

Ajax fingerprinting can help in deriving the following benefits:
  • Vulnerability detection – Knowledge of the framework on which a web application is running, allows the mapping of publicly known vulnerabilities found for that particular framework. Example – DWR client side vulnerability.
  • Architecture enumeration – On the basis of derived information from fingerprinting it is possible to guess application architecture and inner working of a system. Example – Atlas (.NET application framework), DWR (Servelet/JavaScript combo).
  • Assessment methodology – Derived information from the fingerprinting phase can help in defining future assessment path and vulnerability detection methods. Example – Deciding on JavaScript-scanning.
Download the paper in PDF format here.

Spotlight

How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victim’s financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if you’re using a RF-based card, along with our top safety tips to keep your payments secure.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //