Solvepoint Corporation
Philly Code Camp 2009.2!
Eric Pascarello User Experience 4:10 room 111

Investigating JavaScript and Ajax Security

With the explosion of Web 2.0, more focus has been placed on the security of Web applications. This session will look at Ajax and the security risks it presents. You will find out what dangers Ajax brings to your site and whether you really should be afraid. You will learn about SQL injection, DOM injection, JavaScript injection, white lists, and black lists. You will see how simple mistakes can open up the door to hackers! The best part of this talk is when you learn how to use the browser's address bar to cause havoc on your backend. If you think JavaScript's worst threat is an infinite loop with an alert, then you had better head on over and find a seat.

Eric Pascarello is the author of Ajax in Action [Manning] and JavaScript: Your visual blueprint for building dynamic Web pages (2nd ed.) [Wiley]. He is a sheriff of the HTML and JavaScript forum at JavaRanch.com, and you can find him answering client-side web development questions on the ASP.NET forums as A1ien51. Eric is an Ajax developer at RadiusIM.com and has interests in hiking, ghost hunting, and reading Dilbert.