Hi,
My work is putting in a large application that is basically split up
between 30 or so JavaScript files. I have some security concerns about
this application.
Basic security concerns are:
1. Possible SQL injection and other forms of injection attacks on URLs
of various server-side components JavaScript accesses.
2. Possible client-side database access.
3. Incorrect use of HTTP GET for operations with possible side effects.
The security problems are probably relatively harmless, mainly because
the application should be running behind a firewall.
However, I would like to have an analysis tool that can go over the
JavaScript code and allow me to see what URLs are being called with
what parameters.
JavaScript that writes new JavaScript into the page (so I can get all
JavaScript files of the application for analysis)
I know there are various JavaScript profilers and the like. Is there anything
out there that helps in the analysis of this kind of application?