Transcript
- 1. When Ajax Attacks! Web application security fundamentals. Simon Willison, @media Ajax 2008
- 2. I'm here to scare you: XSS, PDF, CSRF, XBL, UTF-7, HTC, crossdomain.xml, JSON and JSONP
- 3. A few years ago... Web application security tutorials tended to boil down to three things: Don't trust input from users; avoid SQL injection attacks; don't let people inject JS into your pages
- 4. A few years ago... Web application security tutorials tended to boil down to three things: Don't trust input from users; avoid SQL injection attacks; don't let people inject JS into your pages. Boring!