The XMLHttpRequest Object specification defines an API that provides scripted client functionality for transferring data between a client and a server.

Documenting changes since Last Call, the Web API Working Group has released an updated Working Draft of “The XMLHttpRequest Object.” The core component of Ajax, the XMLHttpRequest object is an interface that allows scripts to perform HTTP client functions, such as submitting form data or loading data from a remote Web site. Read about the Rich Web Clients Activity.

Read more about AJAX programming from Wikipedia and Rich Web Clients page at W3C.

There’s a new (published May, 2007) book about web application security “Cross Site Scripting Attacks: XSS Exploits and Defense” written by Jeremiah Grossman of WhiteHat Security, Inc.

“Gartner Group has stated that today, over 70% of cyber attacks occur at the Web (or website) application layer.” — whitehatsec.com.

Jeremiah Grossman has been recently named one of InfoWorld’s Top 25 CTOs.

As a web developer and UI designer, web application security is rapidly becoming a necessary skillset to have in your online arsenal during web application development. It is said that XSS (Cross Site Scripting) is the new “buffer overflow” and malware (malicious software) delivery can perpetuate through a vulnerable web site and a deviously crafted URI — giving rise to the popularity of online “phishing” scams and other potentially dangerous exploits.

javascript:var foo = {baz: 'bizzer'};
var bar = foo;
bar.baz = 'bazzer';
alert(foo.baz + ' == ' + bar.baz);

As you can see the object’s property of ‘baz’ is updated in both foo object and bar object (a copy or reference to foo).