Web Security Horror Stories

by CEO and Co-Founder at Lanyrd on Oct 26, 2008

Keeping your web application secure is an ongoing process - new classes of vulnerabilities are discovered with surprising frequency, and if you don't keep on top of them you could be in for a nasty surprise. This talk will discuss both common and obscure vulnerabilities, with real-world examples of attacks that have worked against high profile sites in the past.

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved


  • HemangBodakiya Hemang Bodakiya, Student at student good presentation 1 year ago
  • tomaszmiklas tomaszmiklas Just awesome! 2 years ago
  • scambaiting Caroline Rose, seo at seg Thanks for your good tips. Hope will get more slides from you.
    Here is a blog related to scam awareness http://scambaitings.blogspot.com/ .
    3 years ago
  • mohdamin1976 Dave Freeman, Investment Executive at House of Investors Good tips. Little that I know about web security.

    Dave (a web designer currently working on : www.freeringtonesforverizon.net/ )
    3 years ago
  • RafalLos Rafal Los, Principal, Strategic Security Services at HP Enterprise Security Services Brilliant... great presentation - I would have loved to hear this live. 5 years ago
  • ewout Ewout ter Haar at University of São Paulo I found a reference (pdf): http://www.adambarth.com/papers/2008/barth-jackson-mitchell-b.pdf : '[...] the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker.'

    The bad news is that there seems to be no solution to the login csrf problem.
    5 years ago
  • ewout Ewout ter Haar at University of São Paulo I didn't understand this slide. 'Use CSRF to log someone in' is phishing, right? How can I protect my form if the user does not yet have a session?

    I notice login.yahoo.com has some hidden fields with crumbs, but Google doesn't. Do you have a best practices reference for login forms?
    5 years ago
  • simon Simon Willison, CEO and Co-Founder at Lanyrd I forgot to include the photo credit - this is from http://www.flickr.com/photos/jalex_photo/1680862003 5 years ago

Web Security Horror Stories Presentation Transcript