When Ajax Attacks! Web application security fundamentals

Web application security is hard, and getting harder. New technologies and techniques mean new vulnerabilities, and keeping on top of them all is a significant challenge. This talk will dive deep into the underbelly of JavaScript security, exploring topics ranging from basic cross-site scripting to CSRF, social network worms, HTML sanitisation, securing JSON, safe cross-domain JavaScript and more besides.

Presented at @media Ajax 2008 on the 16th of September.

  • Good work on the presentation.
    I was not aware of some of the techniques.

    Niket Khosla
    http://www.senseofsecurity.com.au
  • Such good tips. Well presented.

    Dave (a web designer currently working on : www.freeringtonesforverizon.net/ )
  • Thanks for sharing. It's an interesting presentation.
    http://www.discountwebdesign.co.uk/

When Ajax Attacks! Web application security fundamentals: Presentation Transcript

  • When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008
  • I’m here to scare you
      • XSS
      • PDF
      • CSRF
      • XBL
      • UTF-7
      • HTC
      • crossdomain.xml
      • JSON and JSONP
  • A few years ago...
      • Web application security tutorials tended to boil down to three things:
          • Don’t trust input from users
          • Avoid SQL injection attacks
          • Don’t let people inject JS into your pages
  • A few years ago...
      • Web application security tutorials tended to boil down to three things:
          • Don’t trust input from users
          • Avoid SQL injection attacks
          • Don’t let people inject JS into your pages
      • Boring!