Over the past few months I've had the chance to create two full-blown presentations for Microsoft TechNet/MSDN dealing with AJAX. (Each 'presentation' was an hour-long presentation with accompanying demos - I'll post links to them if I ever see them become available on the MS site.) The first presentation dealt with Ajax Security Best Practices in general (i.e. not just focused on Microsoft's AJAX offerings, but AJAX in general). The second presentation was a round-up of ASP.NET AJAX Best Practices.
In the process of creating those sessions, I ended up doing tons of online research, which resulted in hundreds of links. What follows is a filtered/aggregated list of some of the resources that I used - though this list is by no means exhaustive (and many of the links in the Intro section are pretty obvious - but the other links are all excellent).
Introduction
AJAX Defined
http://www.adaptivepath.com/publications/essays/archives/000385.php
The Benefits of AJAX
http://www.developer.com/java/other/article.php/3554271
http://dotnet.org.za/adam/archive/2005/04/12/17006.aspx
AJAX has been around for a while
http://www.axentric.com/posts/default/8
AJAX Architecture
http://www.adaptivepath.com/publications/essays/archives/000385.php
http://en.wikipedia.org/wiki/XMLHttpRequest
AJAX still suffers from the same problems as other application development
http://dotnetslackers.com/Ajax/re-42465_Why_some_of_.....
Code Management and Extensibility
JavaScript best practices
http://www.bobbyvandersluis.com/articles/goodpractices.php
Unobtrusive Coding
http://ajaxpatterns.org/Why_Ajax_Patterns
http://softwareas.com/ajax-patterns
http://www.w3schools.com/tags/tag_font.asp
http://snook.ca/archives/javascript/clear_links_to_1/
http://www.asp.net/CSSAdapters/Default.aspx
ASP.NET AJAX Behaviors and Extenders
http://ajax.asp.net/docs/tutorials/ExtenderControlTutorial1.aspx
http://ajax.asp.net/docs/tutorials/IScriptControlTutorial1.aspx
Benefits of Unobtrusive Coding
http://en.wikipedia.org/wiki/Unobtrusive_JavaScript
http://digital-web.com/articles/separating_behavior_and_structure_2/
http://www.bobbyvandersluis.com/articles/goodpractices.php
http://snook.ca/archives/javascript/clear_links_to_1/
Accessibility
W3C Accessibility Guidelines
http://www.w3.org/TR/WAI-WEBCONTENT/
Accessibility in General
http://aspnetpodcast.com/CS11/blogs/asp.net_podcast/archive/2006/.....
http://www.thinkvitamin.com/features/design/whats-next-for-web-accessibility
http://developer.yahoo.com/yui/articles/gbs/gbs.html
http://blindconfidential.blogspot.com/2006/05/quagmire-of-web-accessibility.html
Accessibility and AJAX Applications
http://www.dashes.com/anil/2005/09/06/web_development
http://www.washington.edu/computing/accessible/accessibleweb/ajax_accessible.html
http://www.maxkiesler.com/index.php/weblog/comments/how_to_make_your_ajax_applications_accessible/
Progressive Enhancement / HIJAX
http://en.wikipedia.org/wiki/Hijax
Scalability
AJAX and Scalability
http://west-wind.com/weblog/posts/2725.aspx
http://www.relevancellc.com/2006/4/21/ajax-and-server-scalability-theory-and-practice
UpdatePanels and Web Services
http://west-wind.com/weblog/posts/2725.aspx
http://blogs.msdn.com/mikeormond/archive/2007/01/31/the-asp-...
http://blogs.msdn.com/mikeormond/archive/2007/02/01/on-updatepanel-...
http://www.dotnetjunkies.com/Article/46630AE2-1C79-4D5F-827E-6C2857FF1D23.dcik
http://blogs.msdn.com/tess/archive/2006/02/23/537681.aspx
Micro Caching
http://msdn2.microsoft.com/en-us/library/system.web.caching.aspx
Security
General AJAX Security
http://www.securityfocus.com/infocus/1868
http://www.it-observer.com/articles/1062/ajax_security/
http://www.net-security.org/article.php?id=949&p=1
Security Best Practices
http://webdesign.about.com/gi/dynamic/offsite.htm?site=http://www.tec...
http://blogs.ittoolbox.com/security/dmorrill/archives/ajax-and-information-security-10026
http://msdn2.microsoft.com/en-us/library/aa302417.aspx
Validation Problems
http://www.net-security.org/article.php?id=949&p=4
ASP.NET and Web Attacks
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/....
Cross Site Scripting
http://en.wikipedia.org/wiki/XSS
http://www.cgisecurity.com/articles/xss-faq.shtml
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp
http://getahead.ltd.uk/dwr/ajax/cross-domain-xhr
XSS and CSRF
http://sla.ckers.org/forum/read.php?3,3843,3871#msg-3871
http://en.wikipedia.org/wiki/CSRF
http://sla.ckers.org/forum/list.php?4
Anti XSS Library from Microsoft
http://www.microsoft.com/downloads/details.aspx?FamilyID=...
Anti CSRF Measures – ViewStateUserKey
www.blackhat.com/presentations/bh-usa-06/BH-US-06-Gallagher.pdf
http://msdn2.microsoft.com/en-US/library/system.web.ui.page.viewstateuserkey.aspx
Defense in Depth and ASP.NET Authentication/Authorization
http://cyberforge.com/weblog/aniltj/archive/2004/10/09/685.aspx
JS and CSS ‘history sniffing’
http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html
XMLHttpRequest Best Practices
http://www.devx.com/webdev/Article/28861
http://jeremiahgrossman.blogspot.com/2006/07/my-black-hat-usa-2006-presentation.html
http://www.darknet.org.uk/2006/04/ajax-is-your-application-secure-enough/
http://getahead.ltd.uk/dwr/ajax/cross-domain-xhr
XML Poisoning
http://msdn2.microsoft.com/en-gb/library/system.xml.xmlreader.canresolveentity(VS.80).aspx
http://msdn2.microsoft.com/en-gb/library/system.xml.xmlresolver(VS.80).aspx
http://msdn2.microsoft.com/en-gb/library/system.xml.xmlsecureresolver(VS.80).aspx
http://forumsystems.com/papers/Anatomy_of_Attack_wp.pdf
Microsoft Patterns and Practices: Improving Web Application Security – Threats and Countermeasures
http://msdn2.microsoft.com/en-us/library/ms994921.aspx
http://www.microsoft.com/downloads/details.aspx?FamilyId=....
Additional AJAX Attack Vectors