In Chapter 1, Introduction to Penetration Testing and Web Applications, we reviewed what AJAX and HTML5 do and how they work. In this chapter, we will look deeper into their security aspects and how they can introduce or extend vulnerabilities in web applications and thereby pose new challenges for penetration testers.
As stated in Chapter 1, Introduction to Penetration Testing and Web Applications, AJAX is a combination of technologies, mainly JavaScript, XML and web services, which allow asynchronous HTTP communication between client and server.