Both Flash and Ajax contain known potential security holes
Both Flash and Ajax contain known potential security holes. Nevertheless, developers rely on them for building an interactive Web presence. IBM has added AppScan to its Rational tools line in a bid to cope with new vulnerabilities. Rational AppScan can both scan and continuously monitor interactive Web applications and SOA services built as Web services to spot potential exposures.
MySpace hackers have in the past planted Ajax code in fields meant to be links, causing the code to run in an unsuspecting user’s browser when the link is clicked, a practice known as cross-site scripting. Likewise, manipulative users can submit SQL commands where a value is sought for a database process; the database runs the command and produces unanticipated results, a vulnerability known as SQL injection. AppScan can watch for such activity and alert administrators if it’s spotted, said Scott Hebner, Rational’s VP of marketing.
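The link-field case described above can be closed on the application side by allowlisting the URL scheme before a submitted value ever reaches an `href`. The following is an added example, not code from the article, from AppScan or from MySpace; the function names and sample inputs are constructed, and it assumes the planted script arrives as a non-web URL scheme in the link value.

```javascript
// Added example: constructed names and inputs, not AppScan or MySpace code.
// Assumption: the planted script arrives as a non-web URL scheme in a link field.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns a normalized absolute URL string, or null if the value must not be linked.
function safeLinkHref(input) {
  if (typeof input !== "string") return null;
  let url;
  try {
    // The WHATWG parser normalizes the way browsers do: it trims leading
    // whitespace, drops embedded tabs/newlines and lowercases the scheme,
    // so obfuscated schemes are compared in their canonical form.
    url = new URL(input);
  } catch {
    return null; // relative or unparseable values are rejected, not guessed at
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Escape text for use in HTML element content or a double-quoted attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render a user-supplied link; rejected values are shown as inert text.
function renderLink(input, label) {
  const href = safeLinkHref(input);
  const text = escapeHtml(label);
  if (href === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(href)}" rel="nofollow noopener">${text}</a>`;
}

// Constructed sample submissions for a profile "website" field.
const samples = [
  "https://example.com/band-page",
  "javascript:alert(1)",
  " JaVa\tScRiPt:alert(1)",
  "data:text/html,<b>x</b>",
  "/relative/path",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "=>", renderLink(s, "my site"));
}
```

Only the first sample is rendered as a clickable link; every other value falls back to inert text.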
More at http://www.informationweek.com/news/