AJAX (Asynchronous JavaScript Technology and XML) is one of the emblematic technologies that power Web 2.0. AJAX is not exactly a technology but rather a combination of many existing ones into something new and powerful. From a security point of view, however, this is not necessarily good news, though it is not true to say that AJAX applications are more insecure than applications written in any other language.
If you don’t follow the best practices for writing secure applications, the language you use makes no difference. On the other hand, AJAX combines several technologies (XHTML or HTML and Cascading Style Sheets (CSS), the Document Object Model (DOM), XML and XSLT, XMLHttpRequest, and JavaScript (JS)), and the weaknesses of all of them are combined as well. This is why you do need to make some effort in order to write and deploy AJAX applications safely and easily. Here are some tips to help you achieve that.
Choose a Reliable Webhosting Provider
AJAX applications are real monsters in terms of hardware and bandwidth requirements. This is hardly surprising, because AJAX allows you to write powerful applications with lots of functionality, and it is quite logical that such applications can’t be executed on your old home computer over dialup. However, some AJAX applications can be so resource hungry that the average web host won’t be able to meet their demands.
This is why you need to look for the best web host. You need a web host with powerful hardware and wide bandwidth. If your application is very heavy and you expect many visitors, you could even consider dedicated hosting.
When you are looking for the best web host offers for your AJAX applications, you might want to look for AJAX hosting in particular. Similarly to ASP and ASP.NET hosting, many of the best web hosts offer AJAX hosting. AJAX hosting means that your package will include everything you need in order to safely and easily deploy AJAX applications.
Follow Common AJAX Security Best Practices
Even the best web host can’t save you if your AJAX application is not written properly. It is true that, unlike many other web programming languages, AJAX still doesn’t have a tradition of security best practices, but there are many resources on the Web where AJAX security principles are discussed. For instance, Top 10 Ajax Security Holes and Driving Factors by Shreeraj Shah is an excellent brief introduction to what you need to have in mind when you write AJAX applications.
AJAX security best practices aren’t much different from the best practices in other web programming languages. Basically you need to take care of authentication, authorization, access control and input validation. Input validation is especially important because you get input from various kinds of untrusted sources, and in an AJAX application that includes the responses your own JavaScript receives from the server.
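The following is an added example, not code from the original article, showing what input validation looks like on the AJAX client side. Two patterns that were common in early AJAX code are shown as comments: turning the XMLHttpRequest response into an object with eval(), and dropping it straight into the page with innerHTML. Both treat the response as trusted. The hardened version parses it with JSON.parse, checks that the data has the expected shape, keeps only the fields it needs, and escapes them before building HTML. The response format ({"user": {"name", "age"}}), the /api/user URL and the loadUser wiring are assumptions made for the example.

```javascript
// Added example: treating an XMLHttpRequest response as untrusted input.
//
// Anti-patterns this replaces (do not use):
//   var data = eval('(' + xhr.responseText + ')');   // runs any script the server or a MITM sends
//   list.innerHTML += '<li>' + data.user.name + '</li>'; // renders attacker-controlled markup
//
// The JSON layout below ({"user": {"name": string, "age": integer}}) is an
// assumption for the example, not a format from the article.

// Parse and validate a response body. Returns a clean object or null.
function parseUserResponse(responseText) {
  let data;
  try {
    data = JSON.parse(responseText); // JSON.parse never executes code, unlike eval()
  } catch (e) {
    return null; // malformed body: reject rather than guess
  }
  if (typeof data !== 'object' || data === null) return null;
  const user = data.user;
  if (typeof user !== 'object' || user === null) return null;
  if (typeof user.name !== 'string' || user.name.length === 0 || user.name.length > 64) return null;
  if (!Number.isInteger(user.age) || user.age < 0 || user.age > 150) return null;
  // Whitelist only the fields the UI needs; anything else in the response is dropped.
  return { name: user.name, age: user.age };
}

// Escape the five characters that matter in an HTML text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the markup for one validated user record. Every dynamic value is escaped.
function renderUserHtml(user) {
  return '<li>' + escapeHtml(user.name) + ' (' + user.age + ')</li>';
}

// Browser-side wiring (assumed): fetch one user and append it to a list element.
// This function is only defined here; it needs a browser to actually run.
function loadUser(id, listElement) {
  const xhr = new XMLHttpRequest();
  xhr.open('GET', '/api/user?id=' + encodeURIComponent(id)); // hypothetical endpoint
  xhr.onload = function () {
    if (xhr.status !== 200) return;
    const user = parseUserResponse(xhr.responseText);
    if (user === null) return; // do not render a response that failed validation
    listElement.insertAdjacentHTML('beforeend', renderUserHtml(user));
  };
  xhr.send();
}

module.exports = { parseUserResponse, escapeHtml, renderUserHtml, loadUser };
```

The same shape-checking belongs on the server for every parameter the client sends (the id above included); the client-side check only protects the page from a bad response, it does not protect the server from a bad request.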
Set a Test Server Before You Deploy Your AJAX Application Into Production
As with any Web application, when you deploy an AJAX application it is highly recommended that you do it on a test server first. Deploying a new application, or modifications to an existing one, directly on a production server is suicidal. If your web host offers such a facility, it is best to use a test server of theirs, but if this is not possible, you can set up a test server in-house and deploy your AJAX application there.
Try a Self-Hack Test
A self-hack test is a common practice and you might want to try it as well. However, if you plan to do load tests, it might be a good idea to warn your provider – you don’t want to crash their servers, right? Well, if you have chosen the best web host, a simple load test shouldn’t crash their servers, but you’d better not bet your life on it. Also, if your self-hack test includes any other steps that might threaten your web host in any way, you must discuss all this in advance.
Deploying AJAX applications securely and easily is a piece of cake, if you have chosen a reliable web host and if you follow AJAX security best practices.
One Response
Thanks for the tips provided, it’s a great help for me. This gives me an idea about dedicated server hosting and dedicated web hosting. Great article too!