Ajax developers should check out a report on Ajax vulnerabilities in several Ajax libraries, and download the extensive advisory. The advisory details the vulnerabilities, and how to protect against.
It’s always a bit risky to put out such details, but I, as a developer, really appreciate such because it allows me to better understand how to protect against security risks. Much of the discussion of the vulnerabilities in this advisory isn’t necessarily new, but it does cover newer issues, vulnerabilities in popular libraries, as well as overall issues.
Money quote:
An application can be mashup-friendly or it can be secure, but it cannot be both.
