When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008
Nov 07, 2014

Simon Willison

Web application security is hard, and getting harder. New technologies and techniques mean new vulnerabilities, and keeping on top of them all is a significant challenge. This talk will dive deep into the underbelly of JavaScript security, exploring topics ranging from basic cross-site scripting to CSRF, social network worms, HTML sanitisation, securing JSON, safe cross-domain JavaScript and more besides.

Presented at @media Ajax 2008 on the 16th of September.
Transcript
  • 1. When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008
  • 2. I'm here to scare you: XSS, PDF, CSRF, XBL, UTF-7, HTC, crossdomain.xml, JSON and JSONP
  • 3. A few years ago... Web application security tutorials tended to boil down to three things: Don't trust input from users. Avoid SQL injection attacks. Don't let people inject JS into your pages.
  • 4. A few years ago... Web application security tutorials tended to boil down to three things: Don't trust input from users. Boring! Avoid SQL injection attacks. Don't let people inject JS into your pages.