This article provided an overview of the different ways in which Web 2.0 applications avoid the same-origin policy. It also demonstrated how this opens up some new attack vectors against Web applications. It discussed some common types of attacks and the results that attackers can obtain. Finally, it concluded with a best practices section, which you can use to avoid some of the most common Ajax application attacks.