Abstract

The development of the internet and of web applications gave rise to a technology called AJAX. Web applications that use this technology have created a new trend: the AJAX application. Like any web application, an AJAX application raises security issues, one of which is the existence of web application vulnerabilities. These vulnerabilities can be detected with a tool called a vulnerability scanner. A vulnerability scanner has three processes: crawling, attack and analysis. However, AJAX's characteristics make it hard for a vulnerability scanner to do its job properly. One reason is the dynamic DOM: an AJAX application can change the content of the DOM without reloading the page. A dynamic DOM makes it impossible for a conventional crawling method to crawl an AJAX application properly, which reduces the overall performance of the vulnerability scanner. A method for crawling an AJAX application is called AJAX crawling. In this paper, we propose a method to improve the performance of a vulnerability scanner by implementing AJAX crawling as its crawling process. The method was tested by scanning a news aggregator web application called Gregarius, version 0.5.2. The results show that this method can be used to detect vulnerabilities in AJAX applications.
