With so many Web 2.0 applications being written in AJAX, it was only a matter of time before the vulnerabilities began to crop up, but no one expected the unusual form they would take. This session by the man who discovered the first cross-vendor AJAX vulnerability - JavaScript Hijacking - will detail it and other security concerns while also discussing ways that AJAX could be implemented to make it less risky. Finally, we will take a look at AJAX security incidents to-date, and identify the ways that increased adoption of AJAX is likely to change the way hackers behave.