ABSTRACT

The attack surface is the composite of all avenues of attack against your application. Until recently, it has usually been examined only in terms of validating user input. Now the attack surface also includes safeguarding the data that is output to your client's display. Building mashups adds the complexity of streaming data to and from other data providers, which widens what is attackable and often obscures where an attack might come from. AJAX requests (POST or GET), return data types (JSON or XML), remote connections (HTTP or HTTPS), and account management actions (authentication or authorization) create a large mix of situations.
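The abstract's point that data arriving from other providers and flowing out to the client's display is part of the attack surface can be made concrete with a small client-side routine. The following is an added illustration, not code from the paper: it treats a JSON response from a (constructed, hypothetical) provider as untrusted input, validates its shape after `JSON.parse`, restricts link targets to http(s), and encodes every provider-supplied value before it is placed in markup. The response format, function names and sample data are assumptions for the example.

```javascript
// Added example, not from the original abstract. Assumption (constructed): the
// remote provider answers with JSON shaped like {"items":[{"title":"..","url":".."}]}.

// Encode the characters that can change HTML structure or attribute boundaries,
// so provider-supplied text is shown literally on the client's display.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Only http(s) URLs may become link targets; any other scheme is dropped.
function safeHref(url) {
  try {
    const u = new URL(String(url));
    return (u.protocol === 'https:' || u.protocol === 'http:') ? u.href : null;
  } catch {
    return null;
  }
}

// Parse the provider response with JSON.parse (never eval) and check its shape
// before any of it is used; malformed or unexpected bodies are rejected.
function parseProviderResponse(body) {
  const data = JSON.parse(body);
  if (!data || typeof data !== 'object' || !Array.isArray(data.items)) {
    throw new Error('unexpected response shape from provider');
  }
  return data.items
    .filter(it => it && typeof it.title === 'string' && typeof it.url === 'string')
    .slice(0, 100); // cap the amount of remote data rendered at once
}

// Build the markup with each value encoded for the context it lands in
// (text node vs. attribute value).
function renderItems(items) {
  const rows = items.map(it => {
    const href = safeHref(it.url);
    const title = escapeHtml(it.title);
    return href
      ? `<li><a href="${escapeHtml(href)}">${title}</a></li>`
      : `<li>${title}</li>`;
  });
  return `<ul>${rows.join('')}</ul>`;
}

// Constructed sample response: one ordinary item and one whose URL uses a
// scheme the renderer refuses to link to.
const SAMPLE_RESPONSE = JSON.stringify({
  items: [
    { title: 'Weather <b>today</b>', url: 'https://example.org/weather' },
    { title: 'Note', url: 'javascript:void(0)' },
  ],
});

// Usage: parse, then render; the result is the string that would be assigned
// to a container element.
console.log(renderItems(parseProviderResponse(SAMPLE_RESPONSE)));
```

The same two steps (validate after parsing, encode at the point of output) apply whether the data arrives over HTTP or HTTPS and whether the request was a GET or a POST; transport security does not make the payload trustworthy.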