Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
Mark Stanton
See http://blog.gruden.com/category/js-security for more info.
A walk through real-world web site vulnerabilities - Mark shows step by step how vulnerable web sites can be exploited, from triggering annoying pop-up windows to more sinister attacks involving session stealing and rewriting page content. Learn how to test for and protect against these increasingly common attacks.
- http://www.webdu.com.au/session/be-afraid--be-very-afraid--javascript-security-xss-and-csrf
Much has changed in the MySQL world over the past few years with it being first bought by Sun and then gobbled by Oracle. So is it going to be sucked of oxygen or are Oracle serious about keeping MySQL popular and open?
The good news is that despite going quiet for a long while (one release in 4+ years) it looks like Oracle have shown some love and rolled out significant changes and welcome improvements that improve MySQL's overall maturity and performance.
This talk will walk through practical examples that demonstrate how these features can be best used.
Topics include:
With InnoDB being chosen over MyISAM as the default storage engine we'll explore the pros & cons of these and other table types.
A key to high availability is redundancy, so replication is vital. This talk will walk through real-world examples ranging from simple master-slave setups to more complex multi-master and multi-slave configurations.
Now that you have multiple servers up & running the next logical step is a look at the load balancing and failover features built into the latest JDBC drivers.
To round things out we'll examine options for backing up your MySQL data and check out some of the new monitoring tools Oracle are providing as enterprise (i.e. non-free) add-ons.
As we build richer, more complex web applications it’s easy to forget that speed is the cornerstone of user experience. Bing have found that a 2 second delay reduces revenue by 4%. Google know that half a second delay drops traffic by 20%. AOL have shown that users with a speedy experience stay 50% longer than users who have to wait. The evidence is clear – speed matters.
What’s more, most latency comes from the front-end, not the backend so the fixes are not specific to a particular platform. This session will examine a range of techniques from DOM & CSS tricks to web server and HTTP tweaks that can help improve front-end performance by 25-50%.
Whether you’re looking to save bandwidth, increase your conversion rate, retain visitors, save time or just make your users happy – the speed of your site matters.
Example build files are available at http://mark.gruden.com/masters-of-war-build-files.zip
Mark walks through how to create a scalable and automated deployment process for ColdFusion apps using Ant. Starting with some reverse engineering of CF's built-in WAR deployment process, we'll then work through the separation of application code, the CF runtime and CF's configuration files into distinct elements that can be versioned independently, and finally look at how these assets can be deployed selectively to a number of servers and put back together into running applications.