Securing Ajax and Web Services

It is undeniable that Web services and AJAX-ified interfaces are the trend now. Application that utilizes internet to retrieve data (such as mobile application or other thin client) uses web services alongside with its data format. AJAX-ified interface and website gives a modern and edgy look can make websites more attractive and can create great impression to the users.

However the issue of the web application security would still remain the same, if not more challenging, since there are so many ways to exploit the vulnerability of websites that utilizes Web Services and AJAX transfers on the background.

Therefore, it is imperative to use the right technique in order to evaluate the security of these services before deploying them out in the open.

For that matter, now I’m currently reading Ajax Security (Hoffman,B. & Sullivan, B.) and Securing Ajax applications (Wells, C.) which in my opinion is a pretty good start for somebody like me to understand common methods for securing web services and websites which uses AJAX heavily.

Hopefully the situation would improved as there are a lot of campaigns around to raise the state of awareness of web application security.