Stopping Attacks in a Web 2.0 World

Published by Best Tech Videos
In this session, Jeff will discuss web application threats arising out of rich client and "Web 2.0" technology such as JavaScript, Ajax, and Flash that have recently become extremely dangerous. He'll focus on "Cross-Site Request Forgery" (CSRF) and "Advanced XSS" vulnerabilities that can be found in the vast majority of current web applications. The talk will cover maintaining security as the trust boundary shifts between client and server in enterprise application architectures.

Watch a video at http://www.bestechvideos.com/2009/02/02/stopping-attacks-in-a-web-2-0-world

More info:

Published by: Best Tech Videos on Mar 18, 2009
Copyright: Attribution Non-commercial


05/10/2014

Perfect Storm: Stopping Attacks in a Web 2.0 World
Jeff Williams, Aspect Security CEO (jeff.williams@aspectsecurity.com), OWASP Chair (jeff.williams@owasp.org)
Copyright © 2006 – Aspect Security – www.aspectsecurity.com
 
Agenda

- Introduction
- Background
- Cross Site Request Forgery (CSRF)
  - In most or all applications
- Advanced Cross Site Scripting (XSS)
  - New impacts to an old vulnerability
- Discussion
Background

- Web 2.0
  - Includes RIA, Community/Blog/Wiki, Mashups
  - No totally new threat, but increased attack surface
- Attackers are now using Web 2.0 technology
  - Ajax: JavaScript and XMLHttpRequest
  - RIA: ActiveX, Flash, Flex, Silverlight, AIR, JFX, etc.
- …To attack all types of web applications
  - Including traditional web applications
  - Avoiding use of Web 2.0 technologies does not protect you
- …Through the browser-side of the relationship
  - Attackers can run complex applications within the browser
