Mark Stanton, profile picture
Uploaded byMark Stanton
3,991 views

Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF

This document discusses common JavaScript security vulnerabilities like cross-site scripting (XSS), cross-site request forgery (CSRF), and clickjacking. It defines these issues and provides examples of real attacks. The document also outlines solutions for developers, including sanitizing input, escaping output, minimizing the attack surface, and designing with the assumption of breaches. Overall it stresses the importance of a holistic, multi-layered approach to JavaScript security.

Embed presentation

Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF

More Related Content

PDF
Web Security Horror Stories
bySimon Willison
 
PDF
Revisited
byShunsaku Kudo
 
PDF
JavaScript Security
byJason Harwig
 
PPTX
Java script, security and you - Tri-Cities Javascript Developers Group
byAdam Caudill
 
PDF
Understanding Web Services
byaru85
 
PDF
Understanding Web Services
byaru85
 
KEY
Plone Interactivity
byEric Steele
 
PPT
Xss is more than a simple threat
byAvădănei Andrei
 
Web Security Horror Stories
bySimon Willison
 
Revisited
byShunsaku Kudo
 
JavaScript Security
byJason Harwig
 
Java script, security and you - Tri-Cities Javascript Developers Group
byAdam Caudill
 
Understanding Web Services
byaru85
 
Understanding Web Services
byaru85
 
Plone Interactivity
byEric Steele
 
Xss is more than a simple threat
byAvădănei Andrei
 

What's hot

RTF
C E N T R A R E L´ I M M A G G I N E
byguest70f0f3dc
 
PDF
Web Unleashed '19 - Measuring the Adoption of Web Performance Techniques
byPaul Calvano
 
PDF
Real howto vbs
byChris x-MS
 
PDF
WWW:::Mechanize YAPC::BR 2008
bymvitor
 
PDF
JS Fest 2019. Andrew Betts. Headers for hackers
byJSFestUA
 
ODP
2009-09-11 / YAPC::Asia 2009
byIWATA Susumu
 
PDF
Digital certificates
byDouglasPickett
 
PDF
Attacking Web Applications
bySasha Goldshtein
 
PDF
AWS IoT Greengrass V2 の紹介
byAmazon Web Services Japan
 
PPTX
Case Study of Django: Web Frameworks that are Secure by Default
byMohammed ALDOUB
 
TXT
Makezine
byKelly Thejitternews
 
PDF
Fleet Hub for AWS IoT Device Management のご紹介
byAmazon Web Services Japan
 
PPTX
W.E.B. 2010 - Web, Exploits, Browsers
bySaumil Shah
 
PDF
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
byNicholas Zakas
 
PDF
High-Quality JavaScript
byMarc Bächinger
 
KEY
Augmの裏側
byTomohiko Himura
 
PDF
Crypto workshop part 1 - Web and Crypto
byhannob
 
PPT
PHPUG Presentation
byDamon Cortesi
 
PDF
Owasp for dummies handouts
byBCC
 
C E N T R A R E L´ I M M A G G I N E
byguest70f0f3dc
 
Web Unleashed '19 - Measuring the Adoption of Web Performance Techniques
byPaul Calvano
 
Real howto vbs
byChris x-MS
 
WWW:::Mechanize YAPC::BR 2008
bymvitor
 
JS Fest 2019. Andrew Betts. Headers for hackers
byJSFestUA
 
2009-09-11 / YAPC::Asia 2009
byIWATA Susumu
 
Digital certificates
byDouglasPickett
 
Attacking Web Applications
bySasha Goldshtein
 
AWS IoT Greengrass V2 の紹介
byAmazon Web Services Japan
 
Case Study of Django: Web Frameworks that are Secure by Default
byMohammed ALDOUB
 
Makezine
byKelly Thejitternews
 
Fleet Hub for AWS IoT Device Management のご紹介
byAmazon Web Services Japan
 
W.E.B. 2010 - Web, Exploits, Browsers
bySaumil Shah
 
Progressive Enhancement 2.0 (jQuery Conference SF Bay Area 2011)
byNicholas Zakas
 
High-Quality JavaScript
byMarc Bächinger
 
Augmの裏側
byTomohiko Himura
 
Crypto workshop part 1 - Web and Crypto
byhannob
 
PHPUG Presentation
byDamon Cortesi
 
Owasp for dummies handouts
byBCC
 

Viewers also liked

PDF
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
byShreeraj Shah
 
PPTX
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
byNilesh Sapariya
 
PPT
DEFCON 17 Presentation: CSRF - Yeah, It Still Works
byRuss McRee
 
PPTX
Introduction to CSRF Attacks & Defense
bySurya Subhash
 
PPTX
Understanding Cross-site Request Forgery
byDaniel Miessler
 
PPTX
Sql injection
byHemendra Kumar
 
PPTX
SQL Injection
byMarios Siganos
 
PPTX
Ppt on sql injection
byashish20012
 
PPT
XSS and CSRF with HTML5
byShreeraj Shah
 
PDF
SQL injection: Not Only AND 1=1 (updated)
byBernardo Damele A. G.
 
PDF
Sql Injection Myths and Fallacies
byKarwin Software Solutions LLC
 
PDF
Understanding CSRF
byPotato
 
PPTX
Cross Site Request Forgery (CSRF) Scripting Explained
byValency Networks
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
byShreeraj Shah
 
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
byNilesh Sapariya
 
DEFCON 17 Presentation: CSRF - Yeah, It Still Works
byRuss McRee
 
Introduction to CSRF Attacks & Defense
bySurya Subhash
 
Understanding Cross-site Request Forgery
byDaniel Miessler
 
Sql injection
byHemendra Kumar
 
SQL Injection
byMarios Siganos
 
Ppt on sql injection
byashish20012
 
XSS and CSRF with HTML5
byShreeraj Shah
 
SQL injection: Not Only AND 1=1 (updated)
byBernardo Damele A. G.
 
Sql Injection Myths and Fallacies
byKarwin Software Solutions LLC
 
Understanding CSRF
byPotato
 
Cross Site Request Forgery (CSRF) Scripting Explained
byValency Networks
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 

Similar to Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF

PDF
Things that go bump on the web - Web Application Security
byChristian Heilmann
 
PPT
Application Security
bynirola
 
PDF
Rich Web App Security - Keeping your application safe
byJeremiah Grossman
 
DOCX
logout.php Session Data after Logout Username Email . $_.docx
bysmile790243
 
PPT
4.Xss
byphanleson
 
PDF
Ajax Security
byJoe Walker
 
PPT
Intro to Web Application Security
byRob Ragan
 
PPTX
Web Application Vulnerabilities
byPreetish Panda
 
DOCX
Pantallas escaneo Sitio Web
byandres1422
 
PDF
Web application sec_3
byvhimsikal
 
PPT
Security Tech Talk
byMallikarjun Reddy
 
PDF
Secure Coding BSSN Semarang Material.pdf
bynanangAris1
 
PPTX
Web application security
byJin Castor
 
PPTX
Hackers versus Developers and Secure Web Programming
byAkash Mahajan
 
PDF
Luis Grangeia IBWAS
byLuis Grangeia
 
PDF
IBWAS 2010: Web Security From an Auditor's Standpoint
byLuis Grangeia
 
PDF
Xss 101 by-sai-shanthan
byRaghunath G
 
PDF
Xss 101
byn|u - The Open Security Community
 
PPTX
Cross site scripting
bykinish kumar
 
PPT
Web Application Security
byChris Hillman
 
Things that go bump on the web - Web Application Security
byChristian Heilmann
 
Application Security
bynirola
 
Rich Web App Security - Keeping your application safe
byJeremiah Grossman
 
logout.php Session Data after Logout Username Email . $_.docx
bysmile790243
 
4.Xss
byphanleson
 
Ajax Security
byJoe Walker
 
Intro to Web Application Security
byRob Ragan
 
Web Application Vulnerabilities
byPreetish Panda
 
Pantallas escaneo Sitio Web
byandres1422
 
Web application sec_3
byvhimsikal
 
Security Tech Talk
byMallikarjun Reddy
 
Secure Coding BSSN Semarang Material.pdf
bynanangAris1
 
Web application security
byJin Castor
 
Hackers versus Developers and Secure Web Programming
byAkash Mahajan
 
Luis Grangeia IBWAS
byLuis Grangeia
 
IBWAS 2010: Web Security From an Auditor's Standpoint
byLuis Grangeia
 
Xss 101 by-sai-shanthan
byRaghunath G
 
Xss 101
byn|u - The Open Security Community
 
Cross site scripting
bykinish kumar
 
Web Application Security
byChris Hillman
 

Recently uploaded

PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PPTX
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
PDF
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PPTX
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
PDF
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
PPTX
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung