"We are seeing a rise in web application attacks because people are realising that it is easier to go through the web application," Billy Hoffman, a lead security researcher with Spi Dynamics, told vnunet.com.
"There is all sorts of money to be made in web security," Hoffman said at the AjaxWorld conference in Santa Clara, California.
"It is often easier to attack an application through the web layer than by trying to break through the firewall or spoof around the intrusion detection system. Criminals take the path of least resistance."
From the end-user perspective, Ajax is a programming technique that allows websites to pre-fetch data and facilitate more interactive websites.
Under the hood, Ajax uses web services techniques such as XML to transmit information directly from a database to the website.
In a non-Ajax application, the same application would have required a web server to build the actual webpage presented to the user. But an Ajax application combines disparate data sources directly on the client system.
Whereas the database was kept within the safe confines of the corporate firewall, Ajax requires the services to be directly accessed by outside systems. "When you 'Ajaxify' an application, it increases the attack surface," said Hoffman.
Yahoo was hit by a security vulnerability in its online mail service last summer.
A maliciously crafted email message allowed attackers to access users' email accounts, download the contents of their address books and send out spam emails from the hacked accounts.
Such threats are known as cross-site scripting vulnerabilities (commonly referred to as XSS) because they span several services.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago