104 Software Development Life Cycle (SDLC) Based Method to Test Security of the Ajax-Enabled Rich Internet Applications
Published: 2011
Because of the advantages that Rich Internet Applications provide for their users, they are becoming increasingly widespread and have transformed the World Wide Web from its traditional state, which depended on the server side, into an interactive relationship between server and client. Rich Internet Applications (RIAs) use various technologies such as Ajax, Flex, and Silverlight. Among them, Ajax is more popular with developers because of its advantages and exclusive characteristics. Just as the arrival of new technologies is accompanied by new problems, the arrival of Ajax on the World Wide Web was also accompanied by new challenges and security vulnerabilities. Since the security of users is of great importance in the web environment, efforts have been made to present various methods for security testing of Ajax-Enabled RIAs, but the asymmetric and vague behavior of Ajax, and the diverse technologies it employs, result in an inability to use the traditional security testing methods that were used for normal web applications. Therefore, a method is needed that tests all the security aspects of an Ajax-Enabled RIA, from its appearance to its application on the web. No testing method can reach this goal unless it is accompanied by the SDLC to test the security requirements of the Ajax-Enabled RIA. The solution proposed in this paper is an SDLC-based method that can test all the existing vulnerabilities in an Ajax-Enabled RIA. The solution is an integrated process for testing all security aspects of the Ajax-Enabled RIA. The main advantages of this workflow include higher reliability than other methods, integration with the SDLC, completeness, and compatibility with Ajax technology.