Uploaded bydzhengo44
PPTX, PDF544 views

Dzhengis 93098 ajax - security

AJAX is a web development technique that allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes, without interfering with the display and behavior of the existing page. While AJAX can improve interactivity, it also introduces some security risks similar to regular web applications, such as cross-site request forgery and malware being introduced through malicious JavaScript code. Developers need to implement authentication, authorization, and data protection to secure AJAX applications and users can help defend themselves using tools like NoScript to block untrusted scripts.

Embed presentation

Download to read offline
Asynchronous JavaScript And XML
Cyber Attacks are increasing !!! Why?! Fortunately modern browsers are getting better and better by using AJAX
• AJAX, is a web development technique for creating interactive web applications.
Classic web app vs. Ajax web app
If you know JavaScript, HTML, CSS, and XML, then you need to spend just one hour to start with AJAX ?
AJAX cannot work independently. It is used in combination with other technologies to create interactive web pages.
AJAX Security •AJAX-based Web applications use the same server-side security schemes of regular Web applications. •You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic). •AJAX-based Web applications are subject to the same security threats as regular Web applications.
AJAX Security CSRF –> Cross – Site Request Forgery ATTACKS • See what he/she searched for • Read emails • Steal credit card details through PayPal DEFENSE • Use authentication tokens
AJAX Security • Hacker can use JavaScript code for inferring server-side weaknesses. • JavaScript code is downloaded from the server and executed at the client and can compromise the client by mal-intended code.
AJAX Security USEFUL TOOLS Defense •NoScript – Accept scripts only from sites you trust •AltCookies – Accept cookies only from sites you trust •Firebug – Dig deeply into HTML/JAVASCRIPT/CSS AND HTTP
Mr. Drazhev, Thanks for your time.

More Related Content

PPT
Ajax Security
byRoberto Suggi Liverani
 
PDF
AJAX: How to Divert Threats
byCenzic
 
PDF
AJAX Security - LAC2016
byJulia Logan a.k.a. IrishWonder
 
PDF
Ajax Security Dangers
bydrkimsky
 
PPTX
Web Hacking Intro
byAditya Kamat
 
PPTX
Cross site scripting XSS
byRonan Dunne, CEH, SSCP
 
PDF
Become a Security Ninja
byPaul Gilzow
 
PPTX
RSA Europe 2013 OWASP Training
byJim Manico
 
Ajax Security
byRoberto Suggi Liverani
 
AJAX: How to Divert Threats
byCenzic
 
AJAX Security - LAC2016
byJulia Logan a.k.a. IrishWonder
 
Ajax Security Dangers
bydrkimsky
 
Web Hacking Intro
byAditya Kamat
 
Cross site scripting XSS
byRonan Dunne, CEH, SSCP
 
Become a Security Ninja
byPaul Gilzow
 
RSA Europe 2013 OWASP Training
byJim Manico
 

What's hot

PPTX
Browser Security 101
byStormpath
 
PDF
2013 OWASP Top 10
bybilcorry
 
PPTX
Security asp.net application
byZAIYAUL HAQUE
 
PPTX
Dom based xss
byLê Giáp
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
PPTX
Build A Killer Client For Your REST+JSON API
byStormpath
 
PPTX
Website hacking and prevention (All Tools,Topics & Technique )
byJay Nagar
 
PDF
Securing Web Applications with Token Authentication
byStormpath
 
PDF
Owasp top 10 2013
byEdouard de Lansalut
 
PPTX
Web application attacks
byhruth
 
PPTX
Web application security: Threats & Countermeasures
byAung Thu Rha Hein
 
PPTX
Web application attack Presentation
byKhoa Nguyen
 
PPTX
Spring Security
byBoy Tech
 
PPTX
Token Authentication for Java Applications
byStormpath
 
PDF
Common Web Application Attacks
byAhmed Sherif
 
PDF
CSRF, ClickJacking & Open Redirect
byBlueinfy Solutions
 
PPTX
Access Control Pitfalls v2
byJim Manico
 
PDF
BsidesDelhi 2018: DomGoat - the DOM Security Playground
byBSides Delhi
 
PPTX
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
byNilesh Sapariya
 
PDF
Html5 localstorage attack vectors
byShreeraj Shah
 
Browser Security 101
byStormpath
 
2013 OWASP Top 10
bybilcorry
 
Security asp.net application
byZAIYAUL HAQUE
 
Dom based xss
byLê Giáp
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
Build A Killer Client For Your REST+JSON API
byStormpath
 
Website hacking and prevention (All Tools,Topics & Technique )
byJay Nagar
 
Securing Web Applications with Token Authentication
byStormpath
 
Owasp top 10 2013
byEdouard de Lansalut
 
Web application attacks
byhruth
 
Web application security: Threats & Countermeasures
byAung Thu Rha Hein
 
Web application attack Presentation
byKhoa Nguyen
 
Spring Security
byBoy Tech
 
Token Authentication for Java Applications
byStormpath
 
Common Web Application Attacks
byAhmed Sherif
 
CSRF, ClickJacking & Open Redirect
byBlueinfy Solutions
 
Access Control Pitfalls v2
byJim Manico
 
BsidesDelhi 2018: DomGoat - the DOM Security Playground
byBSides Delhi
 
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
byNilesh Sapariya
 
Html5 localstorage attack vectors
byShreeraj Shah
 

Viewers also liked

PPT
(In)Secure Ajax-Y Websites With PHP
bychw
 
PPS
Con El Corazon
byRosana Rivas
 
PDF
W Razie Problemow2!
byAMP
 
PPT
Pecha Kucha Koen Vermeijs Han Solo College IC1Z2
byguestbd5ff6
 
PDF
Siguse 2009 Symposium Program
bysiguse_history
 
PDF
Budget and economic outlook 2014 to 2024
byLuis Taveras EMBA, MS
 
PDF
OurPDX preso for WordCampPortland
bybetsywhim
 
PDF
Eprimer ecom
byjhayem28
 
DOCX
Aprende ecxel
byYorleidis Meza Mendez
 
(In)Secure Ajax-Y Websites With PHP
bychw
 
Con El Corazon
byRosana Rivas
 
W Razie Problemow2!
byAMP
 
Pecha Kucha Koen Vermeijs Han Solo College IC1Z2
byguestbd5ff6
 
Siguse 2009 Symposium Program
bysiguse_history
 
Budget and economic outlook 2014 to 2024
byLuis Taveras EMBA, MS
 
OurPDX preso for WordCampPortland
bybetsywhim
 
Eprimer ecom
byjhayem28
 
Aprende ecxel
byYorleidis Meza Mendez
 

Similar to Dzhengis 93098 ajax - security

PDF
www.webre24h.com - Ajax security
bywebre24h
 
PDF
Ajax
bysoumya
 
PPTX
Ajax
byamitmishra43258
 
PPTX
Day8
bymadamewoolf
 
PDF
Ajax Technology
byIRJET Journal
 
PPT
Ajax
byAdamGyohannes
 
PPTX
Web hacking refers to exploitation of applications via HTTP which can be done
byssuserf8636d
 
PPTX
Ajax
byRajesh Khanna
 
PDF
1 ppt-ajax with-j_query
byFajar Baskoro
 
PPTX
Overview of AJAX
byRoshith S Pai
 
PDF
Ajax tutorial
byshubham509
 
PDF
Ajax
byHigher Education Department KP
 
PDF
Ajax learning tutorial
bybharat_beladiya
 
PPT
Ajax
byShivam Jaiswal
 
PPTX
Ajax
byreddivarihareesh
 
PPTX
Ajax
byMichael Hamilton
 
PPT
Ajax
byanandha ganesh
 
PPT
Ajax.ppt
byMAGNA COLLEGE OF ENGINEERING
 
PPTX
Ajax:From Desktop Applications towards Ajax Web Applications
bySiva Kumar
 
PPTX
Ajax
byRajesh Khanna
 
www.webre24h.com - Ajax security
bywebre24h
 
Ajax
bysoumya
 
Ajax
byamitmishra43258
 
Day8
bymadamewoolf
 
Ajax Technology
byIRJET Journal
 
Ajax
byAdamGyohannes
 
Web hacking refers to exploitation of applications via HTTP which can be done
byssuserf8636d
 
Ajax
byRajesh Khanna
 
1 ppt-ajax with-j_query
byFajar Baskoro
 
Overview of AJAX
byRoshith S Pai
 
Ajax tutorial
byshubham509
 
Ajax
byHigher Education Department KP
 
Ajax learning tutorial
bybharat_beladiya
 
Ajax
byShivam Jaiswal
 
Ajax
byreddivarihareesh
 
Ajax
byMichael Hamilton
 
Ajax
byanandha ganesh
 
Ajax.ppt
byMAGNA COLLEGE OF ENGINEERING
 
Ajax:From Desktop Applications towards Ajax Web Applications
bySiva Kumar
 
Ajax
byRajesh Khanna
 

Recently uploaded

PPTX
Q4_PPT MUSIC & ARTS 7 week 1-2, matatag curriculum
byZEN
 
PDF
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
PPTX
Renal Physiology -Nephron.pptx
byDisha Soriya
 
PDF
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
PPTX
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
PPTX
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
PDF
java full stack programming and interview questions
byrajuashokit
 
PDF
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
PPTX
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
PPTX
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
PPTX
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
PDF
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
PDF
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
PPTX
How to Manage & Publish Job Positions in Odoo 18 Recruitment
byCeline George
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PPTX
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
PPTX
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
Q4_PPT MUSIC & ARTS 7 week 1-2, matatag curriculum
byZEN
 
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
Renal Physiology -Nephron.pptx
byDisha Soriya
 
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
java full stack programming and interview questions
byrajuashokit
 
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
How to Manage & Publish Job Positions in Odoo 18 Recruitment
byCeline George
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 

Dzhengis 93098 ajax - security

  • 1.
  • 2.
    Cyber Attacks areincreasing !!! Why?! Fortunately modern browsers are getting better and better by using AJAX
  • 3.
    • AJAX, isa web development technique for creating interactive web applications.
  • 4.
    Classic web appvs. Ajax web app
  • 5.
    If you knowJavaScript, HTML, CSS, and XML, then you need to spend just one hour to start with AJAX ?
  • 6.
    AJAX cannot workindependently. It is used in combination with other technologies to create interactive web pages.
  • 7.
    AJAX Security •AJAX-based Webapplications use the same server-side security schemes of regular Web applications. •You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic). •AJAX-based Web applications are subject to the same security threats as regular Web applications.
  • 8.
    AJAX Security CSRF –>Cross – Site Request Forgery ATTACKS • See what he/she searched for • Read emails • Steal credit card details through PayPal DEFENSE • Use authentication tokens
  • 9.
    AJAX Security • Hackercan use JavaScript code for inferring server-side weaknesses. • JavaScript code is downloaded from the server and executed at the client and can compromise the client by mal-intended code.
  • 10.
    AJAX Security USEFUL TOOLS Defense •NoScript– Accept scripts only from sites you trust •AltCookies – Accept cookies only from sites you trust •Firebug – Dig deeply into HTML/JAVASCRIPT/CSS AND HTTP
  • 11.