Ajax helps create an environment where a Web-based application operates more like a desktop application. The technology lets applications fetch new content without having to redraw an entire Web page. Ajax is typically considered to be part of the "Web 2.0" technology push.
"\[Recent surveys indicate\] that almost 75 percent of enterprises plan on increasing their investment in Web 2.0 technologies, it is clear that we need to address the issue now," said Brian Chess, co-founder and chief scientist at Fortify. "Unlike vulnerabilities that are tied to a specific application or operating system, there is no single vendor to which this issue can be reported and resolved. In fact, many rich Web applications don't use any framework at all. As a result, we need to educate software developers about the risk that Web 2.0 brings."
Fortify's research is based in part on the work of Jeremiah Grossman, who is CTO at WhiteHat Security, and Joe Walker, creator of the DWR framework.
"New technology often leads to new risks and opens unforeseen avenues of malicious attack. Once understood, developers need to ensure the necessary safeguards are in place when they break new ground," said Grossman. "Those responsible for the security of Web 2.0 deployments need to take this issue seriously and implement the steps necessary to resolve the issue before the risk results in \[security incidents\]."