Penetration Testing

Before moving towards the in depth detail of Ajax hijacking, let us discuss what is Ajax. WHAT IS AJAX AJAX stands for Asynchronous JavaScript and XML. Ajax is used to create fast, efficient and better web applications by using HTML, CSS, XML and JavaScript. It uses DOM and JavaScript for dynamic content display. When the form is submitted, JavaScript request the server and thus the screen is updated. This is done through Ajax at the backend. WHY TO USE AJAX Programmers and computer scientists use Ajax in JavaScript for front end development of modern responsive web applications. They use Ajax because of several features: It is user friendlyFree form serverUsed for live data bindingClient side programming toolMinimized server based resources usageUsed to develop efficient and more interactive web applicationsUsed to develop faster web applicationsMakes the loading time of web page frequent and fasterResponsive UIIt is used in JavaScript so it is all browser compatibleThe server uses less bandwidth because it reloads the page within no time ADVANTAGES OF AJAX It increases the speed of request and response as the traffic load is balancedIt is much responsive as compared to othersData of whole page loads at one timeTo send the requests to the non-ajax pages, XMLHTTPrequest is used to call object as an asynchronous request.Client and browser would not have to wait for the data to arrive. It means Ajax means asynchronous calls to the web server.Ajax provides form validation service for the web pages as it is the common element of web pages. It is the most important feature of Ajax.Reloading time is much minimized because other resources usage such as database queries are held at backend. It helps in performance and speed boost. DISADVANTAGES OF AJAX Despite several advantages and usages of Ajax, there are few disadvantages of Ajax which are the reasons of Ajax hijacking or hacking. It is complexIt is not secure, which is the biggest disadvantageAjax pages cannot be SEO optimizedIt is dependent on JavaScript. The browsers which do not accept JavaScript automatically can’t handle Ajax requests AJAX HIJACKING Ajax hijacking is a technique through which hackers or intruders engage to a website as a valid user and access the sensitive data from the web application. Like so a significant number of such weaknesses, forestalling the class of attacks is simple. By and large, it requires only a couple extra lines of code. Furthermore, as so numerous product security issues, software engineers need to comprehend the security ramifications of their work so they can alleviate the dangers they face. In any case, my conjecture is that JavaScript hijacking won't be comprehended so effectively, in light of the fact that software engineers don't comprehend the security ramifications of their work and won't forestall the attacks. In Ajax or JavaScript hijacking, the hacker can access the web application through a weak loophole and thus the domain of an application is changed with a different domain. Let’s have a look at an example where the intruder gains the access of an e-mail as a legal user. Moreover, he can read and perform all the operations that a legal user can perform. He can now send vulnerable or threatening emails to people by the name of the valid user. CONCLUSION Due to all these short comings hackers feel free to make vulnerable attacks to the Ajax. Less secure framework enable hackers to hijack and misuse the web applications.

Penetration Testing

Ajax Hacking

Penetration Testing Introduction

Basic Penetration Testing Tools

Passive Footprinting

Information Gathering for Ethical Hackers