The central ingredient of Web 2.0 web applications is Ajax. There is not security weakness in Ajax itself, but adaptation of this technology has changed the Web application development approach.
aSSL, or Ajax Secure Service Layer, is an open source library designed to substitute the need for Secure Socket Layer (SSL) in Ajax web-applications. In a nutshell, aSSL enables the browser to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once a connection is established, the transmitted data will be encrypted using the AES encryption algorithm.
The aSSL library lets web developers to send data safely over the Internet when SSL is not available, or not needed. aSSL is designed for Ajax developers and includes both client and server-side code. aSSL should be be used in non-critical web applications such as chats, blogs and so on.