Analyzing the client-side code and storage
We have previously addressed how the growing amount of client-side code can lead to potential security issues. AJAX uses XMLHttpRequest (XHR) objects to send asynchronous requests to the server. These XHR objects are implemented using client-side JavaScript code.
There are several ways to learn more about the client-side code. Viewing the source by pressing the Ctrl + U shortcut will reveal the underlying JavaScript that creates the XHR objects. If the web page and script are large, however, analyzing the application by viewing the source will be unhelpful or impractical.
To learn more about the actual request sent by the script, you can use a web application proxy and intercept the traffic. However, the request reaches the proxy only after passing through a number of processes in the client's script code, which may include validation, encoding, encryption, and other modifications. These steps will complicate your understanding of how the application works.
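When a script is too large to read through with Ctrl + U, indexing the places where it opens XHR requests gives a starting map for review, including the body expression that is encoded before a proxy ever sees it. The following is an added example, not code from the original text; the sample source, the function name `findXhrCallSites`, and the endpoints in it are constructed for illustration, and the line-based regular expressions assume unminified code with one call per line.

```javascript
// Added example: index XMLHttpRequest call sites in a script too large to read by eye.
// SAMPLE_SOURCE is constructed for illustration; it is not taken from any real application.
const SAMPLE_SOURCE = `
function loadProfile(id) {
  var xhr = new XMLHttpRequest();
  xhr.open("GET", "/api/profile?id=" + encodeURIComponent(id), true);
  xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
  xhr.send();
}
function saveNote(text) {
  var req = new XMLHttpRequest();
  req.open('POST', '/api/notes');
  req.send(JSON.stringify({ note: btoa(text) }));
}
`;

const CTOR = /([A-Za-z_$][\w$]*)\s*=\s*new\s+XMLHttpRequest\b/;
const OPEN = /([A-Za-z_$][\w$]*)\.open\s*\(\s*(["'])([A-Za-z]+)\2\s*,\s*(["'])(.*?)\4/;
const SEND = /([A-Za-z_$][\w$]*)\.send\s*\((.*)\)\s*;?\s*$/;

// Returns one record per xhr.open() call, with the body expression later passed to send().
function findXhrCallSites(source) {
  const xhrVars = new Set();   // identifiers assigned from new XMLHttpRequest()
  const current = new Map();   // identifier -> most recent open() record
  const sites = [];
  source.split("\n").forEach((text, i) => {
    const ctor = CTOR.exec(text);
    if (ctor) xhrVars.add(ctor[1]);

    const open = OPEN.exec(text);
    if (open && xhrVars.has(open[1])) {
      const rest = text.slice(open.index + open[0].length);
      const site = {
        line: i + 1,
        method: open[3].toUpperCase(),
        url: open[5],
        dynamicUrl: /^\s*\+/.test(rest), // literal is followed by string concatenation
        body: null,
      };
      current.set(open[1], site);
      sites.push(site);
    }

    const send = SEND.exec(text);
    if (send && current.has(send[1])) current.get(send[1]).body = send[2].trim() || null;
  });
  return sites;
}

console.log(findXhrCallSites(SAMPLE_SOURCE));
```

The `body` field records the expression handed to `send()`, which shows the client-side encoding that has already been applied by the time the request appears in an intercepting proxy.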
In this section...