\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}           % For header and footer
\usepackage{multicol}           % Allows multicols in tables
\usepackage{tabularx}           % Intelligent column widths
\usepackage{tabulary}           % Used in header and footer
\usepackage{hhline}             % Border under tables
\usepackage{graphicx}           % For images
\usepackage{xcolor}             % For hex colours
%\usepackage[utf8x]{inputenc}    % For unicode character support
\usepackage[T1]{fontenc}        % Without this we get weird character replacements
\usepackage{colortbl}           % For coloured tables
\usepackage{setspace}           % For line height
\usepackage{lastpage}           % Needed for total page number
\usepackage{seqsplit}           % Splits long words.
%\usepackage{opensans}          % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}     % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}            % Symbols
\usepackage{MnSymbol}           % Symbols
\usepackage{wasysym}            % Symbols
%\usepackage[english,german,french,spanish,italian]{babel}              % Languages

% Document Info
\author{binca}
\pdfinfo{
  /Title (ajax.pdf)
  /Creator (Cheatography)
  /Author (binca)
  /Subject (AJAX Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit
% This two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{3AA32A}
\definecolor{LightBackground}{HTML}{F2F9F1}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{AJAX Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{binca} via \textcolor{DarkBackground}{\uline{cheatography.com/44948/cs/13445/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}}  \\
  \vspace{-2pt}binca \\
  \uline{cheatography.com/binca} \\
  \end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}}  \\
   \vspace{-2pt}Not Yet Published.\\
   Updated 9th November, 2017.\\
   Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}}  \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}


\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{2}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Asynchronous JavaScript and XML}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{AJAX enables Web 2.0 using JavaScript and XML to provide dynamic application functions.} \tn 
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Results in "thick" client-like functionality.} \tn 
% Row Count 3 (+ 1)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{JavaScript creates XMLHttpRequest objects that can request and receive asynchronously, updating the display as responses are received.} \tn 
% Row Count 6 (+ 3)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{{\bf{XMLHttpRequest}} objects are the heart of AJAX, enabling JavaScript to make requests in the background.} \tn 
% Row Count 9 (+ 3)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Begin using XMLHttpRequest object with {\bf{xmlhttp = new XMLHttpRequest()}}} \tn 
% Row Count 11 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{3.6 cm} x{4.4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{XMLHttpRequest Methods and Properties}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{open()}} & Specifies the properties of the request, but it does NOT initiate a connection. \tn 
% Row Count 4 (+ 4)
% Row 1
\SetRowColor{white}
{\bf{send()}} & Creates the connection; specifies the function is called when the ready state changes. \tn 
% Row Count 8 (+ 4)
% Row 2
\SetRowColor{LightBackground}
{\bf{readyState}} & Set with the state of the request \tn 
% Row Count 10 (+ 2)
% Row 3
\SetRowColor{white}
{\bf{onreadystatechange}}\{\{nobreak\}\} & Sets which function should be called when ready state changes. \tn 
% Row Count 13 (+ 3)
% Row 4
\SetRowColor{LightBackground}
{\bf{responseText}} & The response from the server is placed here. \tn 
% Row Count 15 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{p{1.2 cm} x{6.8 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{readyState}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{0}} & The request is uninitiliazed \tn 
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
{\bf{1}} & The request has been set up \tn 
% Row Count 2 (+ 1)
% Row 2
\SetRowColor{LightBackground}
{\bf{2}} & The request has been sent \tn 
% Row Count 3 (+ 1)
% Row 3
\SetRowColor{white}
{\bf{3}} & Waiting for a response \tn 
% Row Count 4 (+ 1)
% Row 4
\SetRowColor{LightBackground}
{\bf{4}} & The response is complete \tn 
% Row Count 5 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{It provides information about the state of the server's response to a request.}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Mashups}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Popular feature of AJAX enabled sites is to combine 2 or more apps to provide more features.} \tn 
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Proxies are often used to circumvent same-origin policy because AJAX does not change it.  Many apps use a built-in proxy.} \tn 
% Row Count 5 (+ 3)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Main issue is control of URLs to proxy.  Proxies use GET or POST parameters to call backend site.  If these are changed an attacker can proxy to a different site or instruct it to load malicious JavaScript.  {\bf{Check strings}} are often used to prevent this.} \tn 
% Row Count 11 (+ 6)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Attack Surface}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{AJAX does not add new attacks but it does increase the attack surface because there is more client-side code and business logic on the client.} \tn 
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Typical attacks are XSS, SQLi, and it lends itself toward CSRF because functionality is called directly by the client code.} \tn 
% Row Count 6 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{AJAX Mapping}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{It is more difficult because many tools cannot parse and handle the client-side logic, especially dynamically generated links can cause issue} \tn 
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Manual work and tool verification is often necessary.} \tn 
% Row Count 5 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{{\bf{Burp}} and {\bf{ZAP}}, with {\bf{AJAX Spider}}, can often ably handle AJAX applications.} \tn 
% Row Count 7 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Exploitation}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{It is not more difficult but many tools require manual priming.} \tn 
% Row Count 2 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{JavaScript Libraries/Frameworks}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{AJAX lends itself to complex frameworks; many common files are used within apps and functions are often included on all pages forsimplicity.} \tn 
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Non-AJAX applications can also make use of API files.} \tn 
% Row Count 5 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Most commonly JavaScript files are included across the application containing business logic and technical functionality.  When features are present that we do not have access to it can help build malicious requests.} \tn 
% Row Count 10 (+ 5)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{{\bf{3rd party libraries/frameworks}} whether CDN-hosted or served locally can introduced their own vulnerabilities.  Examples includes jQuery and MooTools.} \tn 
% Row Count 14 (+ 4)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{{\bf{Discovery}} often occurs during {\bf{mapping}}, a spider should detect them (src attributes).} \tn 
% Row Count 16 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{They can be parsed to find vulnerable or interesting functions, look for those that initiate or process {\bf{HTTP requests (XMLHttpRequest)}}.} \tn 
% Row Count 19 (+ 3)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{{\bf{Exploitation}} takes many forms and are based on the framework.  Possibilities include the ability to call functions without authentication, gather information for further exploitation, or use a known-flaw to exploit.} \tn 
% Row Count 24 (+ 5)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Data Attacks}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Business logic residing on the client means the client receives more data, in some cases more than is required.} \tn 
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Developers rely on filtering on the client-side to display only what is necessary.} \tn 
% Row Count 5 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Data Formats: XML and JSON}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{There are 2 common formats that require parsing on client side: {\bf{XML}} and {\bf{JSON}}} \tn 
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{{\bf{XML}} is a tag-based format, that while common is heavier than other forms.} \tn 
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{{\bf{JSON}}, or JavaScript Object Notation, is a lightweight interchangeable format for both requests and responses, which client-side JavaScript loads into memory.} \tn 
% Row Count 8 (+ 4)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Typically, {\bf{JSON}} uses eval() to invoke JavaScript compiler to parse text and project object structure.  It is very fast but runs the risk of executing any JavaScript program present.  It is safer to use a JSON parser.} \tn 
% Row Count 13 (+ 5)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{On the {\bf{response}} side an attacker will look for extraneous data that can be used.} \tn 
% Row Count 15 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{On the {\bf{request}} side an attacker will look for the opportunity to inject attacks, such as SQLi or XSS.} \tn 
% Row Count 18 (+ 3)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{JSON format is an array of arrays.} \tn 
% Row Count 19 (+ 1)
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{{\bf{Exploitation of JSON}} is usually either information disclosure or injection.} \tn 
% Row Count 21 (+ 2)
% Row 8
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{{\bf{JSON Information Disclosure}} is the easiest to find and is typically found browsing via proxy.  Some applications send complete record sets.} \tn 
% Row Count 24 (+ 3)
% Row 9
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{{\bf{JSON Injection}} focuses on request with the goal of intercepting them and injecting attack strings, SQLi and XSS being the most common.  The client or server code can be targeted.  The results may not be visible on the page, so using an interception proxy is necessary.} \tn 
% Row Count 30 (+ 6)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Note: JSON is unforgiving of syntax errors but the errors are often verbose, which can provide guidance.}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}


% That's all folks
\end{multicols*}

\end{document}