When Ajax Attacks! Web application security fundamentals

Web application security is hard, and getting harder. New technologies and techniques mean new vulnerabilities, and keeping on top of them all is a significant challenge. This talk will dive deep into the underbelly of JavaScript security, exploring topics ranging from basic cross-site scripting to CSRF, social network worms, HTML sanitisation, securing JSON, safe cross-domain JavaScript and more besides.

Presented at @media Ajax 2008 on the 16th of September.


Transcript

  • 1. When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008
  • 2. I’m here to scare you
      • XSS
      • PDF
      • CSRF
      • XBL
      • UTF-7
      • HTC
      • crossdomain.xml
      • JSON and JSONP
  • 3. A few years ago...
      • Web application security tutorials tended to boil down to three things:
          • Don’t trust input from users
          • Avoid SQL injection attacks
          • Don’t let people inject JS into your pages
  • 4. A few years ago...
      • Web application security tutorials tended to boil down to three things:
          • Don’t trust input from users Boring!
          • Avoid SQL injection attacks
          • Don’t let people inject JS into your pages
