When Ajax Attacks! Web application security fundamentals


Web application security is hard, and getting harder. New technologies and techniques mean new vulnerabilities, and keeping on top of them all is a significant challenge. This talk will dive deep into the underbelly of JavaScript security, exploring topics ranging from basic cross-site scripting to CSRF, social network worms, HTML sanitisation, securing JSON, safe cross-domain JavaScript and more besides.

Presented at @media Ajax 2008 on the 16th of September.

  • Good work on the presentation.
    I was not aware of some of the techniques.

    Niket Khosla
    http://www.senseofsecurity.com.au
  • Such good tips. Well presented.

    Dave (a web designer currently working on: www.freeringtonesforverizon.net/ )
  • Thanks for sharing. It's an interesting presentation.
    http://www.discountwebdesign.co.uk/

Transcript

  • 1. When Ajax Attacks! Web application security fundamentals Simon Willison, @media Ajax 2008
  • 2. I’m here to scare you
    • XSS
    • PDF
    • CSRF
    • XBL
    • UTF-7
    • HTC
    • crossdomain.xml
    • JSON and JSONP
  • 3. A few years ago... Web application security tutorials tended to boil down to three things:
    • Don’t trust input from users
    • Avoid SQL injection attacks
    • Don’t let people inject JS into your pages
  • 4. A few years ago... Web application security tutorials tended to boil down to three things:
    • Don’t trust input from users (Boring!)
    • Avoid SQL injection attacks
    • Don’t let people inject JS into your pages