AJAX Poses Security, Performance Risks

Forum Systems issues an alert, claiming Asynchronous JavaScript and XML leaves applications exposed to Web services vulnerabilities.

Web services and service-oriented architecture security software provider Forum Systems issued an alert on Jan. 30 for AJAX-related security threats and performance issues. Asynchronous JavaScript and XML, or AJAX, enables responsive and interactive Web services; however, the reliance on XML as the content type for requests and response payloads means that applications are exposed to Web services vulnerabilities, Forum officials said. Thus, officials at the Sandy Utah, company recommend that organizations implement XML content filtering, Web services security and XML acceleration capabilities to ensure scalable and secure AJAX applications. Peter Coffee says AJAX is no overnight success. Click here to read why.
Forum Systems officials said AJAX dramatically increases the amount of XML network traffic being transmitted, exposing applications to Web services vulnerabilities; AJAX extends Web services from business-to-business to business-to-consumer and transforms a users Web browser into a Web services portal, thus exposing it to potentially corrupted data that can cause the browser to crash or perform poorly; malformed messages can disrupt server performance due to excessive parsing and exception handling; and XML messages can consume more than double the bandwidth of traditional binary data formats, leading to systemwide performance degradation. Forum Systems recommends that organizations implement XML content filtering, Web services security and XML acceleration capabilities to ensure scalable and secure AJAX applications. Wallid Negm, vice president of marketing at Forum Systems, said Forums XWall XML Web Services Firewall features XML filtering and Web services security and serves as an AJAX scalability solution. "By acknowledging the exposure of AJAX applications, developers and administrators will be well-prepared to handle even accidental events that may disrupt business," said Jason Bloomberg, an analyst with ZapThink LLC, in a statement. The XWall Web Services Firewall features data validation, XML intrusion prevention, content filtering, WS-Security processing and content acceleration. Pricing for Forum XWall starts at $2,500 for software and $30,000 for hardware configuration. Check out eWEEK.coms for the latest news, reviews and analysis in Web services.