Ars Technica

Study finds that AJAX toolkits don’t protect against JavaScript security vulnerabilities

A security advisory (PDF) issued by Fortify Software reveals that the vast majority of popular AJAX toolkits have no built-in security mechanisms to protect against JSON-based cross-site request ...
Dark Reading

Can We End CSRF With Header-Based Browser Policies?

As the security community continues to look for easier ways to mitigate the risk of all-too-common Cross-Site Request Forgery (CSRF) attacks, many within the industry have lamented the difficulties ...