Welcome!

AJAX & REA Authors: John Funnell, Bob Little, Kevin Hoffman, Maureen O'Gara, Onkar Singh

Related Topics: AJAX & REA

AJAX & REA: Article

Rapid7 Introduces AJAX For Dynamic Web Programming

Rapid7 is First to Deliver a Vulnerability Scanning Solution That Analyzes Code in Deployed Web Applications
By RIA News Desk
Article Rating:
November 17, 2006 01:15 PM EST
Reads:
 6,316

Rapid7, has introduced Browser Emulation Scanning Technology (BEST) for scanning Web applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes NeXpose’s robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript code in deployed, running Web applications.

Rapid7 developed BEST in response to the increased use of Asynchronous JavaScript and XML (AJAX) for dynamic Web programming, which makes Web sites and applications vulnerable to Document Object Model or DOM-based cross-site scripting (XSS) and other risks. DOM-based XSS allows an attacker to trick a Web application into emitting malicious JavaScript or HTML code that appears to come from the application when it runs in the browser of an unsuspecting user.

NeXpose thinks like the browser and performs static analyses of the JavaScript code embedded in Web applications. As a result, NeXpose uncovers exposures not found by other vulnerability assessment solutions, which only scan for vulnerabilities at the server and application levels.

 “With the explosion of AJAX for developing interactive Web applications, there is more complex, rich-client functionality via JavaScript, which creates further opportunities for exposures that can put organizations at risk,” said Alan Matthews, president of Rapid7 LLC. “Web 2.0 contains numerous threats, such as DOM-based cross-site scripting, race conditions, cross-site request forgery (XSRF) and data manipulation. NeXpose eliminates these threats by taking a multi-pronged approach that includes front and back-end scanning of the Web server, Web applications and the embedded JavaScript code.”

“Because Web applications are frequently modified, they are more susceptible to vulnerabilities, particularly within their source code,” stated Neil MacDonald, VP and Distinguished Analyst, Gartner. “The increasing use of rich user interface designs in AJAX-based Web applications means that JavaScript source code scanning must become a standard part of Web application security scanning.”

Published November 17, 2006 – Reads 6,316
Copyright © 2006 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By RIA News Desk

Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to RIA@sys-con.com to share your product and company news coverage with AJAXWorld readers.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
AJAXWorld News Desk 11/15/06 10:56:02 AM EST

Rapid7, has introduced Browser Emulation Scanning Technology (BEST) for scanning Web applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes NeXpose?s robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript code in deployed, running Web applications.