Web Front End Security
Web Front End Hacking
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
Hey, social engineering is as dangerous (or more dangerous)!
HTTP protocol & headers
Blacklist for JS setting headers: not every header can be set by JS
HTML, DOM & iframe
local data storage & cookies
subdomain, path, HttpOnly cookie, Secure cookie
Action with DOM, cookies, form, XMLHttpRequest...
A combination of protocol, hostname, and
Apply on DOM, Cookie, XMLHttpRequest,
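The two slides above (cookie scoping by subdomain, path, HttpOnly and Secure, and the origin as a combination of protocol, hostname and port) can be made concrete in a few lines of JavaScript. The following is an added example, not code from the deck or its author: `sameOrigin` compares the three parts of an origin the way the same-origin policy does (default ports folded in, path and query ignored), and `auditSessionCookie` parses a `Set-Cookie` header and lists which of the scoping protections the slides name are missing. Function names and the sample cookie values are constructed for illustration.

```javascript
// Added example (not from the slide deck): a same-origin check and a
// Set-Cookie attribute audit. Function names and sample values are
// assumptions constructed for illustration.

// Default ports per scheme, so "https://a.example" and
// "https://a.example:443" compare as the same origin.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (protocol, hostname, port) triple that makes up an origin.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, hostname: u.hostname, port };
}

// Two URLs are same-origin only when all three parts match exactly.
// Path, query string and fragment do not take part in the comparison,
// and a subdomain (api.app.example vs app.example) is a different origin.
function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// Parse one Set-Cookie header value into name, value and the attributes
// the deck lists (Domain, Path, HttpOnly, Secure). Attribute names are
// case-insensitive, so they are lower-cased before matching.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: false,
    secure: false,
    domain: null, // null: host-only cookie, not sent to subdomains
    path: null,   // null: browser derives the default path from the request URL
  };
  for (const attr of attrs) {
    const [k, ...rest] = attr.split("=");
    const key = k.trim().toLowerCase();
    const val = rest.join("=").trim();
    if (key === "httponly") cookie.httpOnly = true;
    else if (key === "secure") cookie.secure = true;
    else if (key === "domain") cookie.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "path") cookie.path = val || "/";
  }
  return cookie;
}

// Defender-side audit: list the scoping weaknesses of a session cookie.
// Each finding maps to one of the cookie properties on the slide.
function auditSessionCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (!c.httpOnly) {
    findings.push("missing HttpOnly: readable through document.cookie, so an XSS can read it");
  }
  if (!c.secure) {
    findings.push("missing Secure: also sent over plain HTTP");
  }
  if (c.domain) {
    findings.push(`Domain=${c.domain}: shared with every subdomain of ${c.domain}`);
  }
  if (!c.path || c.path === "/") {
    findings.push("Path not narrowed below /: sent to every path on the host");
  }
  return findings;
}

// Stand-alone demo with constructed sample headers.
console.log(sameOrigin("https://app.example/a", "https://app.example:443/b?x=1")); // true
console.log(sameOrigin("https://app.example/", "https://api.app.example/"));       // false
console.log(auditSessionCookie("sid=abc123; Domain=.example.com; Path=/"));
console.log(auditSessionCookie("sid=abc123; Path=/account; HttpOnly; Secure"));
```

The audit is deliberately strict: a host-only cookie (no `Domain` attribute) is the safe default, so any explicit `Domain` is reported, and a `Path` of `/` is reported because it gives every page on the host access to the cookie.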