ModSecurity Use Case:
Web 2.0 Defense with Ajax Fingerprinting and Filtering
Ajax is fast becoming an integral part of new generation Web applications known as Web 2.0 applications. This evolution has led to new attack vectors coming into existence around these new

Note: This article is largely based on Shreeraj Shah's article of the same name that appeared in the December 2006 edition of Insecure Magazine (http://www.net-security.org/dl/insecure/INSECURE-Mag-9.pdf). Ryan C. Barnett, Director of Application Security Training at Breach Security, has updated numerous sections to reflect the advanced ModSecurity 2.0 rules language.
To combat these new threats one needs to look at different strategies as well. In this paper we shall look at different approaches and tools to improve the security posture at both the server and the browser ends. Listed below are the key learning objectives:

• The need for Ajax fingerprinting and content filtering.
• The concept of Ajax fingerprinting and its implementation in the browser using XHR.
• Processing Ajax fingerprints on the Web server, implemented using ModSecurity for Apache.
• Strengthening browser security using HTTP response content filtering of untrusted information directed at the browser in the form of RSS feeds or blogs.
• Web application firewall (WAF) for content filtering and defense against Cross-Site
Requirement for Ajax fingerprints and filtering
Ajax is being used very liberally in next generation Web applications, forming an invisible layer in the browser's transport stack and bringing to the fore numerous browser-related attacks, all centered around Ajax. Although Ajax applications hold a lot of promise, there are loopholes being exploited by viruses, worms and malicious attackers in Web 2.0 applications that need to be looked at more closely. Ajax hides many critical server-side resources behind its calling mechanism, bringing sloppiness into coding patterns and fueling vuln