
AppSec - Cross Site Request Forgery: What Attackers Don't Want You to Know

The new and upcoming cross-domain request capability in Level 2 XHR and in XDR creates very interesting opportunities for both AJAX developers and the hacking community. This new generation of technologies has security built in from the start, and the access control component is built by industry consensus. There is no doubt that security researchers and hackers will add this newly gained cross-domain capability to their arsenal, but they will first have to get past the various controls put in place by the W3C standard. Web developers need to understand these technologies to protect their applications from harmful side effects.

33108 (PDF, 2.21MB)

22 May 2009
By Jason Lam, Dr. Johannes Ullrich
All papers are copyrighted

No re-posting of papers is permitted
