
[Embedded Systems Conference] AJAX security way over-blown, says Parasoft

Story posted on: April 03, 2007


At Parasoft's very intimate cocktail reception today, I talked to the company's chief strategist about the latest AJAX security alerts. For Wayne Ariola, it's nothing new.
"We keep hearing that AJAX increases the attack vectors with multiple different ways in, because it just increases the level of knowledge a hacker might have about an application. Personally I think it's bullshit. Does it increase the attack vectors? Yes. But can you control that? Absolutely, and through very basic monitoring of JavaScript. And JavaScript is very difficult because it's non-compiled code. In the JavaScript itself you have complexities by errors that can be introduced into the scripts if you don't necessarily check statically. So static analysis within JavaScript is an extraordinarily rich technology in order to ensure how robust that JavaScript is. So you do security checks and input validation mechanisms. For example, a check to make sure that the input is validated, right off the back, eliminates those errors across the board."
But wait, there's more:
"Over the past 3 years, there have been a significant number of start-up companies that have created their niche in the marketplace based on security and code analysis. They are over-blowing this. The threat is real, but the way you handle it is very simple. Parasoft has been on the marketplace for 9 years with this kind of capability to check this stuff, so this is not new and it's very simple to handle it."
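Ariola's point about input validation checks, as an added example that is not Parasoft's code and not part of the original post: an allowlist validator written so that the same function can run in the browser (for early feedback) and again on the server, where the check actually protects the application. The field names, patterns and length limits are assumptions chosen for illustration.

```javascript
// Added example, not Parasoft's code: allowlist input validation that is
// shared between client and server. The browser copy gives fast feedback;
// the server copy is the one that matters, since anything sent from the
// client can be altered before it arrives.

// Assumed field rules: each field has an allowlist pattern and a length cap.
const RULES = {
  username: { pattern: /^[a-z0-9_]{3,16}$/, maxLen: 16 },
  email: { pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/, maxLen: 254 },
  // Letters, digits, punctuation, spaces and newlines only; no <, >, or
  // other symbols. Validation still does not replace output encoding when
  // the comment is later rendered into HTML.
  comment: { pattern: /^[\p{L}\p{N}\p{P}\p{Zs}\n]*$/u, maxLen: 2000 },
};

// Validate one field. Returns { ok: true, value } with the normalized value
// or { ok: false, reason } describing why it was rejected.
function validateField(name, value) {
  const rule = RULES[name];
  if (!rule) return { ok: false, reason: 'unknown field' };
  if (typeof value !== 'string') return { ok: false, reason: 'not a string' };
  // Canonicalize before checking so visually identical inputs are treated alike.
  const s = value.normalize('NFC');
  // Length is counted in code points, not UTF-16 units.
  if ([...s].length > rule.maxLen) return { ok: false, reason: 'too long' };
  if (!rule.pattern.test(s)) return { ok: false, reason: 'invalid characters' };
  return { ok: true, value: s };
}

// Validate a whole submission. Unknown fields are rejected rather than
// silently passed through, so the server only ever sees expected keys.
function validateForm(fields) {
  const errors = {};
  const clean = {};
  for (const [name, value] of Object.entries(fields)) {
    const r = validateField(name, value);
    if (r.ok) clean[name] = r.value;
    else errors[name] = r.reason;
  }
  return { ok: Object.keys(errors).length === 0, clean, errors };
}

// Constructed sample submission (not real user data) for a quick run.
const sample = { username: 'alice_01', email: 'alice@example.com', comment: 'Hello, world!' };
console.log(validateForm(sample));
```

The validator is an allowlist: it states what a field may contain and rejects everything else, instead of trying to enumerate bad characters. Because it is plain JavaScript with no DOM dependencies, the identical module can be loaded in the page and in a Node.js request handler, so the client-side check can never be stricter than the server-side one.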