when ajax attacks! web application security fundamentals
Post on 07-Nov-2014
21.785 Views
Preview:
DESCRIPTION
Web application security is hard, and getting harder. New technologies and techniques mean new vulnerabilities, and keeping on top of them all is a significant challenge. This talk will dive deep in to the underbelly of JavaScript security, exploring topics ranging from basic cross-site scripting to CSRF, social network worms, HTML sanitisation, securing JSON, safe cross-domain JavaScript and more besides. Presented at @media Ajax 2008 on the 16th of September.
TRANSCRIPT
- 1. When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008
- 2. Im here to scare you XSS PDF CSRF XBL UTF-7 HTC crossdomain.xml JSON and JSONP
- 3. A few years ago... Web application security tutorials tended to boil down to three things: Dont trust input from users Avoid SQL injection attacks Dont let people inject JS in to your pages
- 4. A few years ago... Web application security tutorials tended to boil down to three things: Dont trust input from users Boring! Avoid SQL injection attacks Dont let people inject JS in to your pages
top related