AJAX ASPNET Security
Basically this will cover any attacks on web applications which use AJAX in the front end and communicates with the Asp.net server side scripts.
The Following points should be taken into consideration when assessing such environments.
- The Server side pages which serve the AJAX request should be XSRF free.
- Page Authorization logic should be eliminated from the ajax code.
- Incase JSON is used, don't send critical business data in the JSON response.
- Do not use the server side ajax methods extensively as it will overload the handlers and can potentially cause a denial of service attack.