1. When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008

2. Im here to scare you XSS PDF CSRF XBL UTF-7 HTC crossdomain.xml JSON and JSONP

3. A few years ago... Web application security tutorials tended to boil down to three things: Dont trust input from users Avoid SQL injection attacks Dont let people inject JS in to your pages

4. A few years ago... Web application security tutorials tended to boil down to three things: Dont trust input from users Boring! Avoid SQL injection attacks Dont let people inject JS in to your pages