Web Front End Security
Web Front End Hacking
Cross site scripting (XSS)
Cross site request forgery (CSRF)
Hey, social engineering is as dangerous (or more dangerous)!
HTTP protocol & headers
Blacklist for JS setting headers: not every header can be set by JS
HTML, DOM & iframe
local data storage & cookies
Subdomain, path, HTTP-only cookie, secure cookie
Action with DOM, cookies, form, XMLHttpRequest...
A combination of protocol, hostname, and
Apply on DOM, Cookie, XMLHttpRequest,
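Added example (JavaScript, not from the deck): the origin comparison from the two slides above next to the cookie scoping rules (subdomain, path, HttpOnly, Secure) from the earlier slide, so the difference between the two is visible on constructed sample values. The cookie object shape, the hostnames and the paths are assumptions made for this example.

```javascript
// Origin = scheme + host + port; the URL parser fills in or drops the
// default port, so "https://h:443" and "https://h" are the same origin.
function origin(urlString) {
  return new URL(urlString).origin;
}

function sameOrigin(a, b) {
  return origin(a) === origin(b);
}

// Cookies are NOT origin-scoped: Domain is a host-suffix match that ignores
// the port, Path is a prefix match, Secure only demands https, and HttpOnly
// only hides the cookie from script (it is still sent on every request).
function cookieVisibleTo(cookie, urlString, { fromScript = false } = {}) {
  const u = new URL(urlString);
  const host = u.hostname;
  const domainOk =
    host === cookie.domain || host.endsWith("." + cookie.domain);
  const path = cookie.path || "/";
  const pathOk =
    u.pathname === path ||
    (u.pathname.startsWith(path) &&
      (path.endsWith("/") || u.pathname[path.length] === "/"));
  const secureOk = !cookie.secure || u.protocol === "https:";
  const scriptOk = !(fromScript && cookie.httpOnly);
  return domainOk && pathOk && secureOk && scriptOk;
}

// Constructed sample: a session cookie set for the parent domain.
const SESSION_COOKIE = {
  name: "sid",
  domain: "example.com",
  path: "/",
  secure: true,
  httpOnly: true,
};

// Two pages that the same-origin policy keeps apart (different host and
// port) but that still share the cookie: the usual CSRF precondition.
function crossOriginButSharesCookie(a, b, cookie) {
  return !sameOrigin(a, b) && cookieVisibleTo(cookie, a) && cookieVisibleTo(cookie, b);
}
```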