AJAX Security (XMLHTTPRequest and IFrame objects)

Ajax security will be an important topic in the near future (despite being a several year old technology). Web-based applications are going to be rewritten using Ajax technology. But in my opinion there is a little difference between classic web-based application and an Ajax-based one in security considerations. The danger happens when you want to do server-side checking (input validations, ...) in client-side (using Ajax or javascript in general). We will not encounter new exploiting mechanisms, instead existing techniques will be performed more using Ajax because Ajax increases the complexity of the code.

This article from it-observer.com worth reading. This article from securityfocus, this one, this, this, this and finally Max Kieler's post to find related links.