Upload File

when ajax attacks! web application security fundamentals

  • Home
  • Technology
  • When Ajax Attacks! Web application security fundamentals
58
When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008

Upload: simon-willison

Post on 07-Nov-2014

21.784 views

Category:

Technology


0 download

Report

Tags:

DESCRIPTION

Web application security is hard, and getting harder. New technologies and techniques mean new vulnerabilities, and keeping on top of them all is a significant challenge. This talk will dive deep in to the underbelly of JavaScript security, exploring topics ranging from basic cross-site scripting to CSRF, social network worms, HTML sanitisation, securing JSON, safe cross-domain JavaScript and more besides. Presented at @media Ajax 2008 on the 16th of September.

TRANSCRIPT

  • 1. When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008
  • 2. Im here to scare you XSS PDF CSRF XBL UTF-7 HTC crossdomain.xml JSON and JSONP
  • 3. A few years ago... Web application security tutorials tended to boil down to three things: Dont trust input from users Avoid SQL injection attacks Dont let people inject JS in to your pages
  • 4. A few years ago... Web application security tutorials tended to boil down to three things: Dont trust input from users Boring! Avoid SQL injection attacks Dont let people inject JS in to your pages

Chapter 1: Fundamentals of Security - John Wiley & SonsChapter 1: Fundamentals of Security Exam Objectives Types of attacks Physical security Authentication and authorization Data

Security+ Guide to Network Security Fundamentals, Third ... · PDF fileSecurity+ Guide to Network Security Fundamentals, Third Edition Software-Based Attacks •Malicious software,

jQuery Fundamentals - Webs€¦ · • Example 4.3: Storing a relationship between elements using $.fn.data ... • Example 7.2: Using jQuery's Ajax convenience methods • Example

AJAX - download.microsoft.comdownload.microsoft.com/.../DrMaster_ASP.NET_AJAX_foreword.pdf4 3 AJAX 8 150 ASP.NET AJAX 1 ASP.NET AJAX 1.0 ASP.NET AJAX 1.0 AJAX ASP.NET AJAX 1.0 AJAX

Ajax Toolkit Framework Ajax World 2

Chapter 1: Fundamentals of Security · understanding of network security. ... Fundamentals of Security Identifying Types of Attacks 1135 found in the dictionary. Also, passwords are

AJAX Basics AJAX Basics

THE AJAX PROJECT Ruby Amey Southwestern College of Professional Studies Project Management Fundamentals MGMT 505 Dr. Light February 11, 2012

Introduce What is ASP.NET AJAX Architecture of ASP.NET AJAX Goal of ASP.NET AJAX Scenarios ASP.NET AJAX Extensions Microsoft AJAX Library ASP.NET AJAX

Michael Hartl und Laurent Steurer. Web 2.0 Web 2.0 Einführung AJAX Einführung AJAX Funktionsweise von AJAX Funktionsweise von AJAX Klassische synchrone

CHAPTER 8 AJAX & JSON WHAT IS AJAX? Ajax lets you…

AJAX/JQUERY · 2019. 11. 6. · AJAX/JQUERY ©TarekZLITNI 2 -ISIMS Développement Web II AJAX • AJAX : AsynchronousJavaScript and XML • AJAX :une technologie de développent web

Introduction to Ajax/Dojo - Code Pipes · Introduction to Ajax/Dojo Kostis Kapelonis - Agilis SA. What is Ajax. Topics • High level overview of Ajax • Technical overview of Ajax

Ventsislav Popov Crossroad Ltd.. 1. What is AJAX? AJAX Concept ASP.NET AJAX Framework 2. ASP.NET AJAX Server Controls ScriptManager, UpdatePanel

Struts on Ajax - The Ajax Experienceajaxexperience.techtarget.com/assets/documents/Ted_Husted... · Struts on Ajax: Retrofitting Struts with Ajax Taglibs Square One University Series

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 4 Network Vulnerabilities and Attacks

NETWORK ATTACKS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security

(jQuery Fundamentals) Fundamentos de jQuery · Métodos do jQuery relacionados ao Ajax ..... 52. Fundamentos de jQuery (jQuery Fundamentals) v $.ajax ... Esta seção é um trabalho

Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 2 Malware and Social Engineering Attacks

10/22/2015 1 Fundamentals of Security. 10/22/2015 2 Security AttacksPassive AttacksActive Attacks

CComplete Ajax Tutorialomplete Ajax Tutorial

Manual de ajax las entrañas de ajax

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks

Ajax & Reverse Ajax Presenation

9. jQuery - Fundamentals, DOM, Events, AJAX, UI

Introduction to Ajax Introduction to Ajax

AJAX in ASP.NET MVC AJAX, Partial Page Rendering, jQuery AJAX, MVC AJAX Helpers SoftUni Team Technical Trainers Software University

Fundamentals of Information Systems, Seventh Editionmhtay/ITEC110/Fundamental_Info_Sys/Lec… · attacks against the country’s critical infrastructure • Cyberterrorist: –Intimidates

Web 2.0 à la Microsoft - W3L€¦ · ASP.NET AJAX 1.0 ASP.NET 2.0 AJAX Erweiterung (Server) AJAX Client Script Library (Client) ASP.NET AJAX Futures Erweiterungen der ASP.NET AJAX

Building rich web applications with ASP.NET AJAX · Microsoft AJAX Library ASP.NET 2.0 AJAX Extensions ASP.NET AJAX Control Toolkit Current Version ASP.NET AJAX 1.0 Beta 2 Roadmap

Active AJAX based Active AJAX based Active AJAX based Active

Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 4 Vulnerability Assessment and Mitigating Attacks

Ajax Basics The XMLHttpRequest Object. Ajax is…. Ajax is not…. Ajax is not a programming language. Ajax is not a programming language. Ajax is a methodology

Ajax Fundamentals ? Hands On

Fundamentals, DOM, Events, AJAX, UI Doncho Minkov Telerik Corporation