Billy Hoffman, lead research and development engineer at web security vendor SPI Dynamics, said at the Black Hat conference last week that many web developers are not paying attention to basic AJAX security issues.
AJAX allows a web site to refresh content without reloading the entire page.
Among the biggest threats, said Hoffman, is that poorly coded AJAX sites can provide hackers with an opening to change the order in which a program executes functions.
Hoffman and Sullivan explained the security holes to attendees during a session at the conference.