SlideShare a Scribd company logo

Building Secure Twitter Apps

D
Damon Cortesi

Presentation given at #140tc in Los Angeles on security issues when building web and Twitter applications.

Technology
1 of 30
Web App Security and Twitter and Twitter ,[object Object],[object Object],[object Object]
@dacort
Common Issues ,[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection ,[object Object],[object Object],[object Object],[object Object]
...in action http://xkcd.com/327/
Cross-Site Scripting ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Real-World Dangers ,[object Object]
Web 2.0 Frameworks ,[object Object],[object Object],[object Object],[object Object],[object Object]
CSRF ,[object Object],[object Object],[object Object]
CSRF++ ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CSRF GET ,[object Object],[object Object],[object Object],[object Object],[object Object]
CSRF POST ,[object Object],<form name=”csrf” action=” http://x.com/delete.php ” method=”POST”> <input type=”hidden” name=”id” value=”123”> </form> <script>document.csrf.submit()</script>
CSRF Example
Information Disclosure ,[object Object],[object Object]
Retrieve Username $.getJSON(&quot; http://twitter.com /statuses/user_timeline?count=1&callback=? &quot;, function(data) { alert(&quot;Username is: &quot; + data[0].user.screen_name ) }); {&quot;text&quot;:&quot;Pretty sure humans have kneecaps so we can slam them into tables. *ow*&quot;,&quot;truncated&quot;:false, &quot;user&quot; :{&quot;following&quot;:null,&quot;time_zone&quot;:&quot;Pacific Time (US & Canada)&quot;,&quot;description&quot;:&quot;Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http:tweetstats.com and http:ratemytalk.com).&quot;, &quot;screen_name&quot;:&quot;dacort&quot; ,&quot;utc_offset&quot;:-28800,&quot;profile_sidebar_border_color&quot;:&quot;87bc44&quot;,&quot;notifications&quot;:null,&quot;created_at&quot;:&quot;Thu Dec 21 07:14:05 +0000 2006&quot;,&quot;profile_text_color&quot;:&quot;000000&quot;,&quot;url&quot;:&quot;http:dcortesi.com&quot;,&quot;name&quot;:&quot;Damon Cortesi&quot;,&quot;statuses_count&quot;:21385,&quot;profile_background_image_url&quot;:&quot;http:static.twitter.comimagesthemestheme1bg.gif&quot;,&quot;followers_count&quot;:4441,&quot;protected&quot;:false,&quot;profile_link_color&quot;:&quot;A100FF&quot;,&quot;profile_background_tile&quot;:false,&quot;friends_count&quot;:1775,&quot;profile_background_color&quot;:&quot;000000&quot;,&quot;verified&quot;:false,&quot;favourites_count&quot;:202,&quot;profile_image_url&quot;:&quot;http:s3.amazonaws.comtwitter_productionprofile_images90802743Famous_Glasses_normal.jpg&quot;,&quot;location&quot;:&quot;Seattle, WA&quot;,&quot;id&quot;:99723,&quot;profile_sidebar_fill_color&quot;:&quot;e0ff92&quot;},&quot;in_reply_to_status_id&quot;:null,&quot;created_at&quot;:&quot;Mon Jul 27 21:37:53 +0000 2009&quot;,&quot;in_reply_to_user_id&quot;:null,&quot;favorited&quot;:false,&quot;in_reply_to_screen_name&quot;:null,&quot;id&quot;:2877957719,&quot;source&quot;:&quot;<a href=amp;quot;http: www.atebits.com amp;quot;>Tweetie<a>&quot;}
Courtesy of @harper
Protected Users ,[object Object],[object Object],[object Object]
Let’s have some fun... ,[object Object]
Mitigation ,[object Object],[object Object],[object Object]
Sanitization/Encoding ,[object Object],[object Object],[object Object],[object Object],[object Object]
Also Watch out for...
 
 
Help your users
 
Some other things... ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
One last thing ,[object Object],[object Object],[object Object],[object Object],[object Object]
Oh, Shorteners...
Third Parties ,[object Object],[object Object],[object Object],[object Object]
Sorry Twitter

Recommended

Page Caching Resurrected
Page Caching ResurrectedPage Caching Resurrected
Page Caching Resurrected
Ben Scofield
 
YQL talk at OHD Jakarta
YQL talk at OHD JakartaYQL talk at OHD Jakarta
YQL talk at OHD Jakarta
Michael Smith Jr.
 
Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)
Mark Jaquith
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG Presentation
Damon Cortesi
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!
Greg Bell
 
Front End on Rails
Front End on RailsFront End on Rails
Front End on RailsJustin Halsall
 
Make Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingMake Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance Testing
Viget Labs
 
Flickr Open Api Mashup
Flickr Open Api MashupFlickr Open Api Mashup
Flickr Open Api Mashup
Jinho Jung
 

Recommended

Page Caching Resurrected
Page Caching ResurrectedPage Caching Resurrected
Page Caching Resurrected
Ben Scofield
 
YQL talk at OHD Jakarta
YQL talk at OHD JakartaYQL talk at OHD Jakarta
YQL talk at OHD Jakarta
Michael Smith Jr.
 
Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)
Mark Jaquith
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG Presentation
Damon Cortesi
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!
Greg Bell
 
Front End on Rails
Front End on RailsFront End on Rails
Front End on RailsJustin Halsall
 
Make Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingMake Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance Testing
Viget Labs
 
Flickr Open Api Mashup
Flickr Open Api MashupFlickr Open Api Mashup
Flickr Open Api Mashup
Jinho Jung
 
ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingGilbert Guerrero
 
WordPress Development Confoo 2010
WordPress Development Confoo 2010WordPress Development Confoo 2010
WordPress Development Confoo 2010
Brendan Sera-Shriar
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesSugree Phatanapherom
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?
brynary
 
Zend Form Tutorial
Zend Form TutorialZend Form Tutorial
Zend Form Tutorial
Michelangelo van Dam
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
Saket Choudhary
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
Saket Choudhary
 
Php 3 1
Php 3 1Php 3 1
Php 3 1Digital Insights - Digital Marketing Agency
 
Integrating WordPress With Web APIs
Integrating WordPress With Web APIsIntegrating WordPress With Web APIs
Integrating WordPress With Web APIsrandyhoyt
 
Changing Template Engine
Changing Template EngineChanging Template Engine
Changing Template Engine
Takatsugu Shigeta
 
Evolution of API With Blogging
Evolution of API With BloggingEvolution of API With Blogging
Evolution of API With Blogging
Takatsugu Shigeta
 
Advanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsAdvanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIs
andrewnacin
 
Advanced SEO for Web Developers
Advanced SEO for Web DevelopersAdvanced SEO for Web Developers
Advanced SEO for Web DevelopersNathan Buggia
 
Lecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPLecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPyucefmerhi
 
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenWeb Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Mark Wubben
 
Findability Bliss Through Web Standards
Findability Bliss Through Web StandardsFindability Bliss Through Web Standards
Findability Bliss Through Web Standards
Aarron Walter
 
Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007
John Allsopp
 
Ajax On S2 Odp
Ajax On S2 OdpAjax On S2 Odp
Ajax On S2 Odp
ghessler
 
IBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileIBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for Mobile
Chris Toohey
 
Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>
Mark Wubben
 
Building Lanyrd
Building LanyrdBuilding Lanyrd
Building Lanyrd
Simon Willison
 
MongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationMongoDB ClickStream and Visualization
MongoDB ClickStream and Visualization
Cameron Sim
 

More Related Content

What's hot

ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingGilbert Guerrero
 
WordPress Development Confoo 2010
WordPress Development Confoo 2010WordPress Development Confoo 2010
WordPress Development Confoo 2010
Brendan Sera-Shriar
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesSugree Phatanapherom
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?
brynary
 
Zend Form Tutorial
Zend Form TutorialZend Form Tutorial
Zend Form Tutorial
Michelangelo van Dam
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
Saket Choudhary
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
Saket Choudhary
 
Integrating WordPress With Web APIs
Integrating WordPress With Web APIsIntegrating WordPress With Web APIs
Integrating WordPress With Web APIsrandyhoyt
 
Changing Template Engine
Changing Template EngineChanging Template Engine
Changing Template Engine
Takatsugu Shigeta
 
Evolution of API With Blogging
Evolution of API With BloggingEvolution of API With Blogging
Evolution of API With Blogging
Takatsugu Shigeta
 
Advanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsAdvanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIs
andrewnacin
 
Advanced SEO for Web Developers
Advanced SEO for Web DevelopersAdvanced SEO for Web Developers
Advanced SEO for Web DevelopersNathan Buggia
 
Lecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPLecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPyucefmerhi
 
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenWeb Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Mark Wubben
 
Findability Bliss Through Web Standards
Findability Bliss Through Web StandardsFindability Bliss Through Web Standards
Findability Bliss Through Web Standards
Aarron Walter
 
Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007
John Allsopp
 
Ajax On S2 Odp
Ajax On S2 OdpAjax On S2 Odp
Ajax On S2 Odp
ghessler
 
IBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileIBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for Mobile
Chris Toohey
 
Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>
Mark Wubben
 

What's hot (20)

ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: Publishing
 
WordPress Development Confoo 2010
WordPress Development Confoo 2010WordPress Development Confoo 2010
WordPress Development Confoo 2010
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile Devices
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?
 
Zend Form Tutorial
Zend Form TutorialZend Form Tutorial
Zend Form Tutorial
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
 
Php 3 1
Php 3 1Php 3 1
Php 3 1
 
Integrating WordPress With Web APIs
Integrating WordPress With Web APIsIntegrating WordPress With Web APIs
Integrating WordPress With Web APIs
 
Changing Template Engine
Changing Template EngineChanging Template Engine
Changing Template Engine
 
Evolution of API With Blogging
Evolution of API With BloggingEvolution of API With Blogging
Evolution of API With Blogging
 
Advanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsAdvanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIs
 
Advanced SEO for Web Developers
Advanced SEO for Web DevelopersAdvanced SEO for Web Developers
Advanced SEO for Web Developers
 
Lecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPLecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITP
 
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenWeb Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp Copenhagen
 
Findability Bliss Through Web Standards
Findability Bliss Through Web StandardsFindability Bliss Through Web Standards
Findability Bliss Through Web Standards
 
Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007
 
Ajax On S2 Odp
Ajax On S2 OdpAjax On S2 Odp
Ajax On S2 Odp
 
IBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileIBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for Mobile
 
Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>
 

Viewers also liked

Building Lanyrd
Building LanyrdBuilding Lanyrd
Building Lanyrd
Simon Willison
 
MongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationMongoDB ClickStream and Visualization
MongoDB ClickStream and Visualization
Cameron Sim
 
Ognjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-PoslovanjeOgnjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak
 
Survey Results - Welfare Benefits
Survey Results - Welfare BenefitsSurvey Results - Welfare Benefits
Survey Results - Welfare BenefitsMark
 
The Frog Frenzy
The Frog FrenzyThe Frog Frenzy
The Frog Frenzy
lfenn
 
Marks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge PresentationMarks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge Presentationguest3413db
 
Microapps Story
Microapps StoryMicroapps Story
Microapps Storychikee7808
 
Mexico
MexicoMexico
Mexico
knutsone
 
Demografi MovieZine
Demografi MovieZineDemografi MovieZine
Demografi MovieZine
Daniel Feldt
 
Oreo Project
Oreo ProjectOreo Project
Oreo Projectlfenn
 
Julia Newton Presentation
Julia Newton PresentationJulia Newton Presentation
Julia Newton Presentation
Mark
 
Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014
Ruud Kluivers
 
Figaronron Lego Jango Fett
Figaronron Lego Jango FettFigaronron Lego Jango Fett
Figaronron Lego Jango Fettshameleon
 
Drustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen DivljakDrustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen DivljakOgnjen Divljak
 
Amit Golchha_CV
Amit Golchha_CVAmit Golchha_CV
Amit Golchha_CVamitjain
 
Social Media in the Job Search
Social Media in the Job SearchSocial Media in the Job Search
Social Media in the Job Search
Michael Severy
 

Viewers also liked (20)

Building Lanyrd
Building LanyrdBuilding Lanyrd
Building Lanyrd
 
MongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationMongoDB ClickStream and Visualization
MongoDB ClickStream and Visualization
 
Evoking & Creating wisdom
Evoking & Creating wisdomEvoking & Creating wisdom
Evoking & Creating wisdom
 
Ognjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-PoslovanjeOgnjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-Poslovanje
 
朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013
 
Survey Results - Welfare Benefits
Survey Results - Welfare BenefitsSurvey Results - Welfare Benefits
Survey Results - Welfare Benefits
 
The Frog Frenzy
The Frog FrenzyThe Frog Frenzy
The Frog Frenzy
 
Marks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge PresentationMarks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge Presentation
 
Microapps Story
Microapps StoryMicroapps Story
Microapps Story
 
Group project photos @ Beijing Institute of Technology
Group project photos @ Beijing Institute of TechnologyGroup project photos @ Beijing Institute of Technology
Group project photos @ Beijing Institute of Technology
 
Mexico
MexicoMexico
Mexico
 
Demografi MovieZine
Demografi MovieZineDemografi MovieZine
Demografi MovieZine
 
Oreo Project
Oreo ProjectOreo Project
Oreo Project
 
Dialogic Change Workshop Handbook (11/4/2011) - bilingual
Dialogic Change Workshop Handbook (11/4/2011) - bilingualDialogic Change Workshop Handbook (11/4/2011) - bilingual
Dialogic Change Workshop Handbook (11/4/2011) - bilingual
 
Julia Newton Presentation
Julia Newton PresentationJulia Newton Presentation
Julia Newton Presentation
 
Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014
 
Figaronron Lego Jango Fett
Figaronron Lego Jango FettFigaronron Lego Jango Fett
Figaronron Lego Jango Fett
 
Drustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen DivljakDrustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen Divljak
 
Amit Golchha_CV
Amit Golchha_CVAmit Golchha_CV
Amit Golchha_CV
 
Social Media in the Job Search
Social Media in the Job SearchSocial Media in the Job Search
Social Media in the Job Search
 

Similar to Building Secure Twitter Apps

2009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 1012009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 101
brian_dailey
 
Developing and testing ajax components
Developing and testing ajax componentsDeveloping and testing ajax components
Developing and testing ajax components
Ignacio Coloma
 
Plone Interactivity
Plone InteractivityPlone Interactivity
Plone Interactivity
Eric Steele
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might think
Erlend Oftedal
 
REST, the internet as a database?
REST, the internet as a database?REST, the internet as a database?
REST, the internet as a database?
Andrej Koelewijn
 
From "Username and Password" to InfoCard
From "Username and Password" to InfoCardFrom "Username and Password" to InfoCard
From "Username and Password" to InfoCard
goodfriday
 
Seam Glassfish Slidecast
Seam Glassfish SlidecastSeam Glassfish Slidecast
Seam Glassfish Slidecast
Eduardo Pelegri-Llopart
 
Ajax ons2
Ajax ons2Ajax ons2
Ajax ons2
Chad Davis
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
Carol McDonald
 
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
Chris Toohey
 
Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-on
Matt Raible
 
Rails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity PresentationRails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity Presentationrailsconf
 
What I brought back from Austin
What I brought back from AustinWhat I brought back from Austin
What I brought back from AustinLisa Adkins
 
Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggetsguestbd1cdca
 
Htm
HtmHtm
Htm
266446113
 
Grddl In A Nutshell V1
Grddl In A Nutshell V1Grddl In A Nutshell V1
Grddl In A Nutshell V1
Fabien Gandon
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Client
grutz
 

Similar to Building Secure Twitter Apps (20)

2009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 1012009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 101
 
Developing and testing ajax components
Developing and testing ajax componentsDeveloping and testing ajax components
Developing and testing ajax components
 
Plone Interactivity
Plone InteractivityPlone Interactivity
Plone Interactivity
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might think
 
REST, the internet as a database?
REST, the internet as a database?REST, the internet as a database?
REST, the internet as a database?
 
From "Username and Password" to InfoCard
From "Username and Password" to InfoCardFrom "Username and Password" to InfoCard
From "Username and Password" to InfoCard
 
Seam Glassfish Slidecast
Seam Glassfish SlidecastSeam Glassfish Slidecast
Seam Glassfish Slidecast
 
A rel
A relA rel
A rel
 
Ajax ons2
Ajax ons2Ajax ons2
Ajax ons2
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
 
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
 
Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-on
 
Rails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity PresentationRails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity Presentation
 
What I brought back from Austin
What I brought back from AustinWhat I brought back from Austin
What I brought back from Austin
 
Lecture1 B Frames&Forms
Lecture1 B Frames&FormsLecture1 B Frames&Forms
Lecture1 B Frames&Forms
 
Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggets
 
Htm
HtmHtm
Htm
 
WordPress APIs
WordPress APIsWordPress APIs
WordPress APIs
 
Grddl In A Nutshell V1
Grddl In A Nutshell V1Grddl In A Nutshell V1
Grddl In A Nutshell V1
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Client
 

Recently uploaded

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Building Secure Twitter Apps

  • 1.
  • 3.
  • 4.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 14.
  • 15. Retrieve Username $.getJSON(&quot; http://twitter.com /statuses/user_timeline?count=1&callback=? &quot;, function(data) { alert(&quot;Username is: &quot; + data[0].user.screen_name ) }); {&quot;text&quot;:&quot;Pretty sure humans have kneecaps so we can slam them into tables. *ow*&quot;,&quot;truncated&quot;:false, &quot;user&quot; :{&quot;following&quot;:null,&quot;time_zone&quot;:&quot;Pacific Time (US & Canada)&quot;,&quot;description&quot;:&quot;Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http:tweetstats.com and http:ratemytalk.com).&quot;, &quot;screen_name&quot;:&quot;dacort&quot; ,&quot;utc_offset&quot;:-28800,&quot;profile_sidebar_border_color&quot;:&quot;87bc44&quot;,&quot;notifications&quot;:null,&quot;created_at&quot;:&quot;Thu Dec 21 07:14:05 +0000 2006&quot;,&quot;profile_text_color&quot;:&quot;000000&quot;,&quot;url&quot;:&quot;http:dcortesi.com&quot;,&quot;name&quot;:&quot;Damon Cortesi&quot;,&quot;statuses_count&quot;:21385,&quot;profile_background_image_url&quot;:&quot;http:static.twitter.comimagesthemestheme1bg.gif&quot;,&quot;followers_count&quot;:4441,&quot;protected&quot;:false,&quot;profile_link_color&quot;:&quot;A100FF&quot;,&quot;profile_background_tile&quot;:false,&quot;friends_count&quot;:1775,&quot;profile_background_color&quot;:&quot;000000&quot;,&quot;verified&quot;:false,&quot;favourites_count&quot;:202,&quot;profile_image_url&quot;:&quot;http:s3.amazonaws.comtwitter_productionprofile_images90802743Famous_Glasses_normal.jpg&quot;,&quot;location&quot;:&quot;Seattle, WA&quot;,&quot;id&quot;:99723,&quot;profile_sidebar_fill_color&quot;:&quot;e0ff92&quot;},&quot;in_reply_to_status_id&quot;:null,&quot;created_at&quot;:&quot;Mon Jul 27 21:37:53 +0000 2009&quot;,&quot;in_reply_to_user_id&quot;:null,&quot;favorited&quot;:false,&quot;in_reply_to_screen_name&quot;:null,&quot;id&quot;:2877957719,&quot;source&quot;:&quot;<a href=amp;quot;http: www.atebits.com amp;quot;>Tweetie<a>&quot;}
  • 17.
  • 18.
  • 19.
  • 20.
  • 21. Also Watch out for...
  • 22.  
  • 23.  
  • 25.  
  • 26.
  • 27.
  • 29.